Overview
Infocomm Media Cyber Security plays an important role in creating a secure and trusted environment as it enhances the resilience of our economy against cyber threats. By implementing robust IMDA regulations and guidelines, IMDA aims to enhance the resilience of our economy against cyber security threats and boost the confidence of investors in choosing Singapore as a strategic and secure location for their investments.
Telecommunications Cybersecurity Code of Practice
IMDA has formulated Codes of Practice to enhance the cyber security preparedness for designated licensees. The Codes are currently imposed on major Internet Service Providers (“ISP”) in Singapore for mandatory compliance, and the coverage includes their network infrastructure providing Internet services. Besides security incident management requirements, the Codes include requirements to prevent, protect, detect, and respond to cyber security threats in Singapore. The Code was formulated using international standards and best practices including the ISO / IEC 27011 and IETF Best Current Practices.
Starting from 2012, periodic audits are being conducted to ensure that ISPs comply with all requirements and gaps identified are promptly addressed to mitigate the associated cyber security risks. Such requirements are reviewed and updated, in consultation with designated licensees, to include proportionate controls for various infrastructures that are commensurate with evolving cyber security risks. As the Sector Lead for Infocomm and Media (ICM) sectors, IMDA’s Codes will encompass related requirements from other security agencies as well.
Infocommunications Singapore Computer Emergency Response Team (ISG-CERT)
The Infocommunications Singapore Computer Emergency Response Team (ISG-CERT) was established in 1st April 2015 to provide IMDA with the capability to respond effectively to cyber security threats within the Infocomm and Media sector in Singapore.
The ISG-CERT supports IMDA in overseeing and enhancing the cyber-security posture and preparedness of the Infocomm and Media Sector. Internationally, as a full and active member of the Forum of Incident Response and Security Teams (FIRST), ISG-CERT cooperates and coordinates with regional and global trusted CERTs in responding to computer security incidents relating to the Infocomm and Media Sector.
ISG-CERT provides the following to the constituents of the local Infocomm and Media sector:
- Sharing of information through the issuance of actionable intelligence and advisories/alerts
- Promoting security awareness and enhance technical knowledge by conducting security courses, seminars and workshops
- Performing incident management, computer forensic analysis and malware analysis
- Coordinating with other CERTs and organisations to resolve security incidents
Cyber Security Vulnerability Reporting (CSVR) Guide
IMDA works closely with infocomm and media companies in Singapore to ensure that the services they provide to the public are adequately secured against cyber security threats. However, given the myriad of infocomm software solutions and applications, it is not possible to totally eliminate all cyber security vulnerabilities despite best efforts.
IMDA recognises that the cyber security researcher (“Researcher”) community regularly makes valuable contributions through making responsible disclosures to enhance the security of public-facing applications and networks of service providers, leading to safer Internet user experience.
This Cyber Security Vulnerability Reporting Guide (“CSVR Guide”) is intended for Researchers to report to IMDA cyber security vulnerabilities that they have detected in the public-facing applications and networks of Telecommunications service providers such as the Internet Access, Mobile and Fixed-line voice/data service providers, Broadcast, Print (Newspaper) and Postal service providers operating in Singapore (“Relevant Organisations”).
Access the CSVR Guide to learn how to report cyber security threats.
Advisories
IMDA aims to share prevalent cyber threats that have impacted Infocomm and Media sectors in various countries, for organisations in Singapore to be aware and better prepared for:
- Evolution of BianLian Ransomware Advisory (176.43KB), 16 May 2023
- ShroudedSnooper Advisory (175.38KB), 19 September 2023
- Sandman APT Advisory (148.89KB), 21 September 2023
- Stayin’ Alive Campaign Advisory (199.71KB), 11 October 2023
- Scarred Manticore Advisory (176.35KB), 31 October 2023
- Imperial Kitten Advisory (199.88KB), 9 November 2023
- New 5Ghoul Attack Advisory (154.41KB), 7 December 2023
- Credential leak leading to BGP attack (146.63KB), 3 January 2024
- Sea Turtle group targets cPanel with reverse shell (142.71KB), 5 January 2024
- Adversaries exploit Ivanti’s zero-day vulnerabilities (195.64KB), 29 February 2024
- Compromised GRX Networks Delivers GTPDOOR Linux Malware (148.99KB), 17 March 2024
- Earth Krahang targeting Southeast Asia organisations (214.94KB), 18 March 2024
- Chinese APT Groups Target ASEAN Entities (167.98KB), 26 March 2024
- Addendum to Feb 2024 advisory on “Adversaries exploit Ivanti’s zero-day vulnerabilities” (141.10KB), 3 April 2024
- ArcaneDoor Campaign Targeting Perimeter Network Devices (189.44KB), 24 April 2024
- APT42’s recent activity (240.53KB), 2 May 2024
- Exposed GitHub token leading to data leak (128.82KB), 8 June 2024
- BlackSuit group targets media conglomerate with ransomware (148.50KB), 27 June 2024
- Social Media Account Takeover (181.14KB), 1 July 2024
- GhostEmperor returns with updated Demodex rootkit (167.28KB), 17 July 2024
- APT41 cyber-espionage campaign targeting media sector in Asia (182.20KB), 19 July 2024
- Ransomware operators actively exploiting VMWare ESXi hypervisor vulnerability (155.80KB), 29 July 2024
- StormBamboo uses internet service providers to deploy DNS poisoning campaign (154.68KB), 2 August 2024
- Earth Lusca uses novel backdoor for cyber espionage operation (181.96KB), 4 Sep 2024
- Akira Ransomware Pivoting Back to Double Extortion (142.61KB), 21 Oct 2024
- TeamTNT Returns with a Docker Gatling Gun Campaign (182.34KB), 25 Oct 2024
- Phishing email delivers Lumma Stealer (176.96KB), 31 Oct 2024