Infocomm Media Cyber Security

Infocomm Media Cyber Security plays an important role in creating a secure and trusted environment as it enhances the resilience of our economy against cyber threats. By implementing robust IMDA regulations and guidelines, IMDA aims to enhance the resilience of our economy against cyber security threats and boost the confidence of investors in choosing Singapore as a strategic and secure location for their investments.

IMDA has formulated Codes of Practice to enhance the cyber security preparedness for designated licensees. The Codes are currently imposed on major Internet Service Providers (“ISP”) in Singapore for mandatory compliance, and the coverage includes their network infrastructure providing Internet services. Besides security incident management requirements, the Codes include requirements to prevent, protect, detect, and respond to cyber security threats in Singapore. The Code was formulated using international standards and best practices including the ISO / IEC 27011 and IETF Best Current Practices.

Starting from 2012, periodic audits are being conducted to ensure that ISPs comply with all requirements and gaps identified are promptly addressed to mitigate the associated cyber security risks. Such requirements are reviewed and updated, in consultation with designated licensees, to include proportionate controls for various infrastructures that are commensurate with evolving cyber security risks. As the Sector Lead for Infocomm and Media (ICM) sectors, IMDA’s Codes will encompass related requirements from other security agencies as well.

The Infocommunications Singapore Computer Emergency Response Team (ISG-CERT) was established in 1st April 2015 to provide IMDA with the capability to respond effectively to cyber security threats within the Infocomm and Media sector in Singapore.

The ISG-CERT supports IMDA in overseeing and enhancing the cyber-security posture and preparedness of the Infocomm and Media Sector. Internationally, as a full and active member of the Forum of Incident Response and Security Teams (FIRST), ISG-CERT cooperates and coordinates with regional and global trusted CERTs in responding to computer security incidents relating to the Infocomm and Media Sector.

ISG-CERT provides the following to the constituents of the local Infocomm and Media sector:

• Sharing of information through the issuance of actionable intelligence and advisories/alerts
• Promoting security awareness and enhance technical knowledge by conducting security courses, seminars and workshops
• Performing incident management, computer forensic analysis and malware analysis
• Coordinating with other CERTs and organisations to resolve security incidents

IMDA works closely with infocomm and media companies in Singapore to ensure that the services they provide to the public are adequately secured against cyber security threats. However, given the myriad of infocomm software solutions and applications, it is not possible to totally eliminate all cyber security vulnerabilities despite best efforts.

IMDA recognises that the cyber security researcher (“Researcher”) community regularly makes valuable contributions through making responsible disclosures to enhance the security of public-facing applications and networks of service providers, leading to safer Internet user experience. 

This Cyber Security Vulnerability Reporting Guide (“CSVR Guide”) is intended for Researchers to report to IMDA cyber security vulnerabilities that they have detected in the public-facing applications and networks of Telecommunications service providers such as the Internet Access, Mobile and Fixed-line voice/data service providers, Broadcast, Print (Newspaper) and Postal service providers operating in Singapore (“Relevant Organisations”).

Access the CSVR Guide to learn how to report cyber security threats.

IMDA aims to share prevalent cyber threats that have impacted Infocomm and Media sectors in various countries, for organisations in Singapore to be aware and better prepared for:

• Evolution of BianLian Ransomware Advisory (176.43KB), 16 May 2023
• ShroudedSnooper Advisory (175.38KB), 19 September 2023
• Sandman APT Advisory (148.89KB), 21 September 2023
• Stayin’ Alive Campaign Advisory (199.71KB), 11 October 2023
• Scarred Manticore Advisory (176.35KB), 31 October 2023
• Imperial Kitten Advisory (199.88KB), 9 November 2023
• New 5Ghoul Attack Advisory (154.41KB), 7 December 2023
• Credential leak leading to BGP attack (146.63KB), 3 January 2024
• Sea Turtle group targets cPanel with reverse shell (142.71KB), 5 January 2024
• Adversaries exploit Ivanti’s zero-day vulnerabilities (195.64KB), 29 February 2024
• Compromised GRX Networks Delivers GTPDOOR Linux Malware (148.99KB), 17 March 2024
• Earth Krahang targeting Southeast Asia organisations (214.94KB), 18 March 2024
• Chinese APT Groups Target ASEAN Entities (167.98KB), 26 March 2024
• Addendum to Feb 2024 advisory on “Adversaries exploit Ivanti’s zero-day vulnerabilities” (141.10KB), 3 April 2024
• ArcaneDoor Campaign Targeting Perimeter Network Devices (189.44KB), 24 April 2024
• APT42’s recent activity (240.53KB), 2 May 2024
• Exposed GitHub token leading to data leak (128.82KB), 8 June 2024
• BlackSuit group targets media conglomerate with ransomware (148.50KB), 27 June 2024
• Social Media Account Takeover (181.14KB), 1 July 2024
• GhostEmperor returns with updated Demodex rootkit (167.28KB), 17 July 2024
• APT41 cyber-espionage campaign targeting media sector in Asia (182.20KB), 19 July 2024