August 8, 2024
Simeon Tan and Ken Yeo-Moriuchi

Threat Chronicles: Learning from Singapore’s Latest Breaches

In today's digital age, cyber threats are evolving at an unprecedented pace, posing significant risks to businesses of all sizes. To help organisations avoid these threats, Protos Labs has initiated a comprehensive threat research series titled "Chronicles."

This series is spearheaded by our expert research team, which is equipped with deep capabilities in dark web monitoring and threat intelligence. Our objective is to provide actionable insights and practical recommendations to bolster the cyber resilience of SMEs in Singapore. 

Over the past few months, Singapore has witnessed several high-profile data breaches and cyber-attacks. In this blog post, we will delve into three significant incidents: 

  1. Data breach of a group of money lenders 
  2. Ransomware attack on a local law firm 
  3. Data breach of a large retailer 

We will analyse what transpired in each case and consolidate key takeaways for SMEs to enhance their cybersecurity posture. 

Case Study 1: Data Breach of a Money Lender 

In the first incident, a data leak involved Singapore money lenders. The threat actor stole 54.6GB of data, including over 300,000 reports of individuals in Singapore.

Each report contained personal information such as names, ID numbers, loan information, payment and repayment status, and loan guarantor's status.

The threat actor informed the company about the breach, but the company ignored the requests to negotiate the safety of the data. As a result, the threat actor leaked the first 10,000 reports publicly, which our threat research team found. This data breach exposed individuals to potential risks such as identity theft and financial and reputational damage.

Currently, the root cause of the breach is not known.  

Redacted samples of the reports

Case Study 2: Ransomware Attack on a Local Law Firm 

A local law firm recently experienced a ransomware attack.

The attack encrypted the law firm's ESXi virtualisation platform, which stores critical client files and financial records, rendering them inaccessible. The attackers demanded a ransom payment in exchange for the decryption key.

Protos Labs' research team found leaked details of negotiation chats with ransomware threat actors, indicating that sensitive financial information and client records were exfiltrated. Currently, the root cause of the breach is not known. 

The following snippet captures a conversation between the threat actor ("We") and the law firm ("You"). 

Source: https://www.suspectfile.com/  

Case Study 3: Data Breach of a Large Retailer 

The third incident involved a large retailer in Singapore, where a data breach resulted in customer information leakage.

The threat actor stole 180GB of databases, which contained personal information of the retailer's customers and employees. The stolen data included information from various sectors, such as travel, visa, retail commerce, restaurants, money exchange, remittance service, corporate, HR, and customer personal information.

The threat actor sought to sell over 3 million records of the retailer's customers' personally identifiable information (PII). The root cause of the breach is not known currently.

The screenshot shows a visa applicant's personal information, with fields such as passport number, current nationality, last name, first name, name at birth, father's name, mother's name, gender, marital status, date of birth, place of birth (city), mobile number, etc.

Screenshot of Visa applicant's personal information

Learnings for SMEs 

  • The Risk is Real: SMEs must recognise that they are not immune to cyber threats. Cybercriminals often target smaller businesses due to their typically weaker security defences, which can lead to severe reputational damage and operational disruptions. Understanding that no company is too small to be targeted is crucial in taking the necessary steps to strengthen cybersecurity measures. 
  • Implement Right-Sized Security Measures: SMEs should adopt comprehensive security solutions tailored to their risk profiles. These include covering common attack vectors such as phishing and vulnerabilities in public infrastructure, and deploying robust endpoint protection, secure backups, and continuous risk monitoring. Regular employee training on cybersecurity best practices is essential to prevent breaches.
  • Protect Your Balance Sheet: Cyber attacks can be financially devastating, with costs extending beyond ransom payments to include incident response, legal fees, and regulatory fines. Cyber insurance provides a financial safety net, helping cover these costs and ensuring business continuity.  

Protos Cover: Your Partner in Cyber Insurance 

At Protos Cover, we understand that robust cybersecurity measures may not always prevent every incident.

We combine comprehensive cyber insurance with tailored cybersecurity solutions to take the risk off your books. Our offerings provide financial protection against cyber incidents like data breaches and ransomware attacks, ensuring your business can recover swiftly and maintain continuity. 

For more information on how Protos Cover can support your cybersecurity needs, visit our website or contact our team today. Together, we can build a more secure digital future for your business. 
