DBS Bank
Company Details
Linkedin ID:
dbs-bank
Website:
Employees number:
33,276
Number of followers:
1,063,313
NAICS:
52211
Industry Type:
Homepage:
dbs.com
IP Addresses:
0
Company ID:
DBS_2911825
Scan Status:
In-progress
DBS Bank Company CyberSecurity Posture
dbs.com
DBS is a leading financial services group in Asia with a presence in 19 markets. Headquartered and listed in Singapore, DBS is in the three key Asian axes of growth: Greater China, Southeast Asia and South Asia. The bank's "AA-" and "Aa1" credit ratings are among the highest in the world. Recognised for its global leadership, DBS has been named “World’s Best Bank” by Global Finance, “World’s Best Bank” by Euromoney and “Global Bank of the Year” by The Banker. The bank is at the forefront of leveraging digital technology to shape the future of banking, having been named “World’s Best Digital Bank” by Euromoney and the world’s “Most Innovative in Digital Banking” by The Banker. In addition, DBS has been accorded the “Safest Bank in Asia“ award by Global Finance for 14 consecutive years from 2009 to 2022. DBS provides a full range of services in consumer, SME and corporate banking. As a bank born and bred in Asia, DBS understands the intricacies of doing business in the region’s most dynamic markets. DBS is committed to building lasting relationships with customers, as it banks the Asian way. Through the DBS Foundation, the bank creates impact beyond banking by supporting social enterprises: businesses with a double bottom-line of profit and social and/or environmental impact. DBS Foundation also gives back to society in various ways, including equipping communities with future-ready skills and building food resilience. With its extensive network of operations in Asia and emphasis on engaging and empowering its staff, DBS presents exciting career opportunities. For more information, please visit www.dbs.com
DBS Bank A.I CyberSecurity Scoring
DBS Bank Risk Score (AI oriented)Between 750 and 799
DBS Bank
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
DBS Bank Global Score (TPRM)XXXX
DBS Bank
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
DBS Bank Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
DBS Bank
Cyber Attack
Rankiteo Explanation
Attack limited on finance or reputation
Description: DBS Bank, a leading financial institution in Singapore, fell victim to a **ghost-tapping** cyberattack targeting its customers' payment cards linked to mobile wallets like **Apple Pay**. Between **October and December 2024**, cybercriminals—primarily Chinese-speaking threat actors—exploited **NFC relay techniques** to conduct **in-person retail fraud** using stolen card credentials. The attack involved **automated systems** to harvest and add compromised DBS Bank cards to mobile wallets at **4-8 minute intervals**, bypassing authentication measures. A total of **656 incidents** were reported, with **502 cases** specifically tied to Apple Pay, resulting in **financial losses exceeding $1.2 million SGD**. The **ghost-tapping ecosystem** leveraged **burner phones**, **NFCGate tools**, and a **criminal supply chain** spanning **Cambodia and China**, enabling real-time relay of tokenized payment data to money mules at retail terminals. The attack exploited **legitimate NFC protocols**, circumventing multi-factor authentication and time-limited security features. While no **large-scale data breach** of DBS’s core systems was confirmed, the incident exposed vulnerabilities in **contactless payment security**, leading to **direct financial fraud** against customers and reputational risks for the bank due to **media coverage** of the sophisticated attack method.
DBS Bank Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for DBS Bank
Incidents vs Banking Industry Average (This Year)
No incidents recorded for DBS Bank in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for DBS Bank in 2025.
Incident Types DBS Bank vs Banking Industry Avg (This Year)
No incidents recorded for DBS Bank in 2025.
Incident History — DBS Bank (X = Date, Y = Severity)
DBS Bank cyber incidents detection timeline including parent company and subsidiaries
DBS Bank Company Subsidiaries
DBS is a leading financial services group in Asia with a presence in 19 markets. Headquartered and listed in Singapore, DBS is in the three key Asian axes of growth: Greater China, Southeast Asia and South Asia. The bank's "AA-" and "Aa1" credit ratings are among the highest in the world. Recognised for its global leadership, DBS has been named “World’s Best Bank” by Global Finance, “World’s Best Bank” by Euromoney and “Global Bank of the Year” by The Banker. The bank is at the forefront of leveraging digital technology to shape the future of banking, having been named “World’s Best Digital Bank” by Euromoney and the world’s “Most Innovative in Digital Banking” by The Banker. In addition, DBS has been accorded the “Safest Bank in Asia“ award by Global Finance for 14 consecutive years from 2009 to 2022. DBS provides a full range of services in consumer, SME and corporate banking. As a bank born and bred in Asia, DBS understands the intricacies of doing business in the region’s most dynamic markets. DBS is committed to building lasting relationships with customers, as it banks the Asian way. Through the DBS Foundation, the bank creates impact beyond banking by supporting social enterprises: businesses with a double bottom-line of profit and social and/or environmental impact. DBS Foundation also gives back to society in various ways, including equipping communities with future-ready skills and building food resilience. With its extensive network of operations in Asia and emphasis on engaging and empowering its staff, DBS presents exciting career opportunities. For more information, please visit www.dbs.com
Loading...
DBS Bank Similar Companies
Access Bank Plc
Access Bank Plc is a full service commercial Bank operating through a network of over 600 branches and service outlets located in major centres across Nigeria, Sub Saharan Africa and the United Kingdom. Listed on the Nigerian Stock Exchange in 1998, the Bank serves its various markets through 5 busi
Comerica Bank
Comerica Incorporated (NYSE: CMA) is a financial services company headquartered in Dallas, Texas, strategically aligned by the Business Bank, the Retail Bank, and Wealth Management. The Business Bank provides companies of all sizes with an array of credit and non-credit financial products and servic
TD
The Toronto-Dominion Bank & its subsidiaries are collectively known as TD Bank Group (TD). TD is the sixth largest bank in North America by assets & serves approx. 28 million customers in a number of locations in key financial centres around the globe. With over 95,000 employees, TD ranks among the
Bank Mega
Perjalanan Bank Mega berawal pada tahun 1969, dengan nama PT Bank Karman di Surabaya. Kemudian bertransformasi menjadi Mega Bank pada tahun 1992, dan berpindah lokasi ke Jakarta. Pada tahun 1996, Chairul Tanjung dengan PARA GROUP, yang kini dikenal dengan CT Corpora, mengambil alih dan membuat gebra
Abbey
Abbey National plc is the 6th biggest UK bank with 705 branches under the Abbey brand. It also uses the Cahoot and since September 2008, the Bradford and Bingley savings brands. Subsidiary banks include Cater Allen Limited. Since 2004 Abbey has been part of the Santander group. Santander is the larg
Allied Bank Limited
Allied Bank is one of Pakistan's leading banks, with a vision to become a dynamic and efficient institution providing integrated solutions, aiming to be the first choice for customers. Currently, the bank maintains a country-wide network of over 1,400 branches and more than 1,560 ATMs. To protect y
Somos una Corporación líder y comprometida con el país que brinda servicios financieros de excelencia a cada segmento de clientes. Buscamos permanentemente ser el mejor Banco para ellos, ser el mejor lugar para trabajar y ser la mejor inversión para nuestros accionistas. Lo hacemos de forma colabora
CaixaBank
We are the leading financial group in the Spanish market, comprised of banking business, insurance activity and investments in international banks and leading companies in the services sector. CaixaBank is a financial group with a socially responsible, long-term universal banking model, based on qua
Huntington National Bank
Welcome to Huntington. Huntington Bancshares Incorporated is a $210 billion asset regional bank holding company headquartered in Columbus, Ohio. Founded in 1866, The Huntington National Bank and its affiliates provide consumers, small and middle-market businesses, corporations, municipalities, and
.png)
DBS Bank CyberSecurity News
November 13, 2025 08:00 AM
What every business needs to know to fight AI-powered scams
As corporate scams grow more sophisticated, and scammers masterfully exploit the human psyche and thrive on uneven defences, multi-layered...
July 10, 2025 05:41 AM
DBS Hong Kong rolls out free cybersecurity training to shield SMEs against cybercrime
Hong Kong, 29 Jun 2025 - In response to a sharp increase in cyber threats targeting local businesses, DBS Bank (Hong Kong) Limited (“DBS Hong Kong”) today...
June 23, 2025 07:00 AM
Protecting Your Business from AI-Enabled Cyber Threats
Cybercriminals are increasingly using artificial intelligence (AI) to create convincing and hard-to-detect attacks.
June 09, 2025 07:00 AM
Best Financial Innovation Labs 2025
Many FIs host labs nurturing outside startups. These labs operate around the world and focus on everything from deploying Gen AI to...
April 21, 2025 07:00 AM
Singapore Mulls Cybersecurity Certification for Financial Institutions’ Vendors
MAS and CSA are studying the possibility of requiring vendors to obtain these certifications before they can be licensed or bid for government contracts.
April 15, 2025 07:00 AM
A ransomware attack hit a vendor to DBS. What is a ransomware attack and how does it affect companies?
Customer data from DBS and Bank of China's Singapore branch (BOC) were stolen when their printing vendor was hit by a ransomware attack last week.
April 10, 2025 07:00 AM
Hackers breach DBS and Bank of China printing partner – are your bank details safe?
A ransomware attack on a printing vendor has affected DBS and Bank of China – two major banks in Asia. Thousands of customers are exposed.
April 10, 2025 07:00 AM
News - DBS Bank and Bank of China impacted in third party vendor data breach
Toppan Next Tech, a printing vendor for several financial institutions in Singapore, suffered a ransomware attack that compromised information associated with...
April 09, 2025 07:00 AM
DBS & Bank of China Singapore hit by cyberattack
The recent cyber incident involving DBS and Bank of China Singapore, where customer data has been reportedly extracted after a ransomware attack on a printing...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
DBS Bank CyberSecurity History Information
Official Website of DBS Bank
The official website of DBS Bank is https://www.dbs.com/default.page.
DBS Bank’s AI-Generated Cybersecurity Score
According to Rankiteo, DBS Bank’s AI-generated cybersecurity score is 788, reflecting their Fair security posture.
How many security badges does DBS Bank’ have ?
According to Rankiteo, DBS Bank currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does DBS Bank have SOC 2 Type 1 certification ?
According to Rankiteo, DBS Bank is not certified under SOC 2 Type 1.
Does DBS Bank have SOC 2 Type 2 certification ?
According to Rankiteo, DBS Bank does not hold a SOC 2 Type 2 certification.
Does DBS Bank comply with GDPR ?
According to Rankiteo, DBS Bank is not listed as GDPR compliant.
Does DBS Bank have PCI DSS certification ?
According to Rankiteo, DBS Bank does not currently maintain PCI DSS compliance.
Does DBS Bank comply with HIPAA ?
According to Rankiteo, DBS Bank is not compliant with HIPAA regulations.
Does DBS Bank have ISO 27001 certification ?
According to Rankiteo,DBS Bank is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of DBS Bank
DBS Bank operates primarily in the Banking industry.
Number of Employees at DBS Bank
DBS Bank employs approximately 33,276 people worldwide.
Subsidiaries Owned by DBS Bank
DBS Bank presently has no subsidiaries across any sectors.
DBS Bank’s LinkedIn Followers
DBS Bank’s official LinkedIn profile has approximately 1,063,313 followers.
NAICS Classification of DBS Bank
DBS Bank is classified under the NAICS code 52211, which corresponds to Commercial Banking.
DBS Bank’s Presence on Crunchbase
No, DBS Bank does not have a profile on Crunchbase.
DBS Bank’s Presence on LinkedIn
Yes, DBS Bank maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/dbs-bank.
Cybersecurity Incidents Involving DBS Bank
As of November 27, 2025, Rankiteo reports that DBS Bank has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
DBS Bank has an estimated 6,710 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at DBS Bank ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
What was the total financial impact of these incidents on DBS Bank ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $1.20 million.
How does DBS Bank detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with likely (by dbs bank, apple, google), and third party assistance with recorded future (threat intelligence), third party assistance with singapore authorities (investigation), third party assistance with cybersecurity firms (forensic analysis), and law enforcement notified with singapore police force (656 cases reported), law enforcement notified with potential interpol coordination (cross-border crime), and containment measures with enhanced mfa for mobile wallet onboarding, containment measures with transaction velocity limits, containment measures with geofencing for suspicious nfc transactions, and remediation measures with patch nfc protocol vulnerabilities, remediation measures with customer notification & card reissuance, remediation measures with phishing awareness campaigns, and recovery measures with fraudulent transaction reversals, recovery measures with compensation for affected users, recovery measures with collaboration with retailers to flag mule activity, and communication strategy with public advisories (singapore authorities), communication strategy with customer alerts (apple/google/dbs), communication strategy with media statements on mitigation efforts, and enhanced monitoring with nfc transaction anomaly detection, enhanced monitoring with dark web monitoring for stolen credentials, enhanced monitoring with telegram channel surveillance (e.g., @webu8)..
Incident Details
Can you provide details on each incident ?
Title: Ghost-Tapping Cyber Fraud Campaign Targeting Mobile Wallet Payment Systems (Apple Pay, Google Pay)
Description: A sophisticated cybercriminal technique called 'ghost-tapping' emerged as a significant threat to contactless payment systems, exploiting stolen payment card details linked to mobile wallet services like Apple Pay and Google Pay. The attack leverages NFC relay tactics to facilitate retail fraud, transforming digital theft into physical goods via an elaborate network of mules and automated systems. The campaign spans multiple countries, primarily orchestrated by Chinese-speaking threat actors, and involves a convergence of phishing, NFC relay technology, and a criminal supply chain for burner phones and stolen credentials. Between October–December 2024, 656 compromised mobile wallet cases were reported in Singapore, with 502 specifically targeting Apple Pay, resulting in losses exceeding $1.2 million SGD.
Date Detected: 2024-10-01
Date Publicly Disclosed: 2024-12-31
Type: Financial Fraud
Attack Vector: Phishing (Credential Harvesting)Mobile MalwareNFC Relay (via NFCGate)Automated Card Addition to Mobile WalletsBurner Phone Supply ChainMoney Mule Networks
Vulnerability Exploited: Weak Authentication in Mobile Wallet OnboardingNFC Protocol Abuse (Legitimate Traffic Relay)Bypass of Time-Limited MFA WindowsLack of Geofencing for Transaction ValidationExploitable Gaps in Contactless Payment Tokenization
Threat Actor: Name: @webu8 (Telegram Handle), Affiliation: Chinese-Speaking Cybercriminal Syndicate, Role: Supplier of Burner Phones, Ghost-Tapping Services, and Stolen Credentials, Location: ['Cambodia', 'China'], Language: Chinese, Tools Used: ['NFCGate (Repurposed Android App)', 'Automated Card Addition Scripts', 'Telegram for Criminal Coordination'], Name: Unnamed Criminal Syndicates, Affiliation: Southeast Asian Cybercrime Networks, Role: ['Phishing Operators', 'Money Mules', 'Logistics Coordinators', 'Dark Web Data Brokers'], Location: ['Cambodia', 'China', 'Singapore (Targeted)', 'Global (Victims)'], Language: Chinese, Tools Used: ['Custom NFC Relay Servers', 'Automated Phishing Kits', 'Mobile Malware (Credential Theft)'].
Motivation: Financial GainExploitation of Payment System WeaknessesScalable Fraud OperationsResale of Stolen Goods (Luxury Items)
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing Emails/SMS (Credential Harvesting)Mobile Malware (e.g. and Fake Banking Apps)Dark Web Data Dumps (Previously Breached Cards).
Impact of the Incidents
What was the impact of each incident ?
Incident : Financial Fraud DBS540081825
Financial Loss: $1.2 million SGD (Singapore alone, Q4 2024)
Data Compromised: Payment card credentials (656 cases in singapore), Mobile wallet tokens (apple pay: 502 cases), Personally identifiable information (via phishing/malware)
Systems Affected: Apple PayGoogle PayDBS Bank Card SystemsRetail POS Terminals (NFC-Enabled)Mobile Wallet Authentication Servers
Operational Impact: Increased Fraud Detection Costs for BanksDisruption to Contactless Payment TrustRetailer Chargeback BurdenRegulatory Scrutiny on Mobile Wallet Providers
Revenue Loss: ['Direct Fraudulent Purchases (Luxury Goods)', 'Potential Decline in Mobile Wallet Adoption']
Customer Complaints: 656 reported cases (Singapore, Q4 2024)
Brand Reputation Impact: Erosion of Trust in Apple Pay/Google Pay SecurityNegative Media Coverage for Affected Banks (e.g., DBS)Consumer Skepticism Toward Contactless Payments
Legal Liabilities: Potential Lawsuits from Affected CustomersRegulatory Fines for Compliance Violations (e.g., PCI DSS)
Identity Theft Risk: High (via Phishing/Malware)
Payment Information Risk: Critical (Tokenized Card Data Relayed in Real-Time)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $1.20 million.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Payment Card Numbers, Mobile Wallet Tokens, Cvv/Cvc Codes (Via Phishing), Banking Credentials (Username/Password), Transaction Histories and .
Which entities were affected by each incident ?
Incident : Financial Fraud DBS540081825
Entity Name: Apple Inc. (Apple Pay)
Entity Type: Technology Company
Industry: Financial Technology (FinTech)
Location: Cupertino, California, USA
Size: Large (Global)
Customers Affected: 502 (Singapore, Q4 2024)
Incident : Financial Fraud DBS540081825
Entity Name: Google LLC (Google Pay)
Entity Type: Technology Company
Industry: Financial Technology (FinTech)
Location: Mountain View, California, USA
Size: Large (Global)
Customers Affected: Unspecified (Part of 656 total cases)
Incident : Financial Fraud DBS540081825
Entity Name: DBS Bank
Entity Type: Financial Institution
Industry: Banking
Location: Singapore
Size: Large (Regional)
Customers Affected: Targeted in Automated Card Addition Attacks
Incident : Financial Fraud DBS540081825
Entity Name: Retailers (Unspecified)
Entity Type: Business
Industry: Retail (Luxury Goods)
Location: Global (Mule Operations)
Size: Varies
Incident : Financial Fraud DBS540081825
Entity Name: Consumers (Mobile Wallet Users)
Entity Type: Individuals
Location: Global
Customers Affected: 656 (Reported in Singapore)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Financial Fraud DBS540081825
Incident Response Plan Activated: Likely (by DBS Bank, Apple, Google)
Third Party Assistance: Recorded Future (Threat Intelligence), Singapore Authorities (Investigation), Cybersecurity Firms (Forensic Analysis).
Law Enforcement Notified: Singapore Police Force (656 Cases Reported), Potential INTERPOL Coordination (Cross-Border Crime),
Containment Measures: Enhanced MFA for Mobile Wallet OnboardingTransaction Velocity LimitsGeofencing for Suspicious NFC Transactions
Remediation Measures: Patch NFC Protocol VulnerabilitiesCustomer Notification & Card ReissuancePhishing Awareness Campaigns
Recovery Measures: Fraudulent Transaction ReversalsCompensation for Affected UsersCollaboration with Retailers to Flag Mule Activity
Communication Strategy: Public Advisories (Singapore Authorities)Customer Alerts (Apple/Google/DBS)Media Statements on Mitigation Efforts
Enhanced Monitoring: NFC Transaction Anomaly DetectionDark Web Monitoring for Stolen CredentialsTelegram Channel Surveillance (e.g., @webu8)
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Likely (by DBS Bank, Apple, Google).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Recorded Future (Threat Intelligence), Singapore Authorities (Investigation), Cybersecurity Firms (Forensic Analysis), .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Financial Fraud DBS540081825
Type of Data Compromised: Payment card numbers, Mobile wallet tokens, Cvv/cvc codes (via phishing), Banking credentials (username/password), Transaction histories
Number of Records Exposed: 656 (Singapore, Q4 2024)
Sensitivity of Data: High (Financial + PII)
Data Exfiltration: Yes (via Phishing/Malware to Criminal Servers)
Data Encryption: Bypassed (Tokenization Exploited)
Personally Identifiable Information: Names (Linked to Cards)Email AddressesPhone NumbersPhysical Addresses (for Mule Coordination)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Patch NFC Protocol Vulnerabilities, Customer Notification & Card Reissuance, Phishing Awareness Campaigns, .
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by enhanced mfa for mobile wallet onboarding, transaction velocity limits, geofencing for suspicious nfc transactions and .
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Fraudulent Transaction Reversals, Compensation for Affected Users, Collaboration with Retailers to Flag Mule Activity, .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Financial Fraud DBS540081825
Regulations Violated: Payment Card Industry Data Security Standard (PCI DSS), Singapore Personal Data Protection Act (PDPA), Potential GDPR (for EU Citizens Affected),
Legal Actions: Ongoing Investigations (Singapore), Potential Charges for Money Mules,
Regulatory Notifications: Monetary Authority of Singapore (MAS)Singapore Police Force (SPF)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Ongoing Investigations (Singapore), Potential Charges for Money Mules, .
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Financial Fraud DBS540081825
Lessons Learned: NFC Relay Attacks Exploit Legitimate Protocols, Requiring Behavioral Detection, Automated Phishing/Malware Campaigns Can Scale Rapidly with Minimal Detection, Burner Phone Supply Chains Enable Persistent Fraud Operations, Cross-Border Criminal Collaboration Complicates Law Enforcement, Mobile Wallet Authentication Needs Adaptive, Context-Aware Controls
What recommendations were made to prevent future incidents ?
Incident : Financial Fraud DBS540081825
Recommendations: For Mobile Wallet Providers (Apple/Google): Implement Device Fingerprinting for Wallet Onboarding, Enforce Geofencing for High-Risk Transactions, Deploy AI-Based Anomaly Detection for NFC Relay Patterns, Collaborate with Banks on Real-Time Fraud Alerts. For Banks (e.g., DBS): Shorten MFA Approval Windows to <2 Minutes, Block Bulk Card Addition Attempts from Single IPs/Devices, Monitor Dark Web for Compromised Credentials, Educate Customers on Phishing Risks. For Retailers: Train Staff to Identify Mule Behavior (e.g., Bulk Luxury Purchases), Implement POS Transaction Velocity Checks, Report Suspicious NFC Transactions to Payment Networks. For Law Enforcement: Target Burner Phone Supply Chains (e.g., @webu8), Disrupt Telegram-Based Criminal Marketplaces, Enhance Cross-Border Information Sharing. For Consumers: Enable Transaction Alerts for Mobile Wallets, Avoid Storing Cards in Multiple Wallets, Regularly Check for Unauthorized Devices in Wallet Apps.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are NFC Relay Attacks Exploit Legitimate Protocols, Requiring Behavioral Detection,Automated Phishing/Malware Campaigns Can Scale Rapidly with Minimal Detection,Burner Phone Supply Chains Enable Persistent Fraud Operations,Cross-Border Criminal Collaboration Complicates Law Enforcement,Mobile Wallet Authentication Needs Adaptive, Context-Aware Controls.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: For: Banks (e.g., DBS), , For: Mobile Wallet Providers (Apple/Google), , For: Law Enforcement, , For: Consumers, , For: Retailers and .
References
Where can I find more information about each incident ?
Incident : Financial Fraud DBS540081825
Source: Recorded Future
URL: https://www.recordedfuture.com
Date Accessed: 2024-12-31
Incident : Financial Fraud DBS540081825
Source: Singapore Police Force (SPF) Advisory
URL: https://www.police.gov.sg
Date Accessed: 2024-12-30
Incident : Financial Fraud DBS540081825
Source: NFCGate GitHub Repository (Legitimate Tool Abused)
URL: https://github.com/NFCGate/NFCGate
Date Accessed: 2024-12-29
Incident : Financial Fraud DBS540081825
Source: DBS Bank Security Bulletin
URL: https://www.dbs.com
Date Accessed: 2024-12-28
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Recorded FutureUrl: https://www.recordedfuture.comDate Accessed: 2024-12-31, and Source: Singapore Police Force (SPF) AdvisoryUrl: https://www.police.gov.sgDate Accessed: 2024-12-30, and Source: NFCGate GitHub Repository (Legitimate Tool Abused)Url: https://github.com/NFCGate/NFCGateDate Accessed: 2024-12-29, and Source: DBS Bank Security BulletinUrl: https://www.dbs.comDate Accessed: 2024-12-28.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Financial Fraud DBS540081825
Investigation Status: Ongoing (Singapore Authorities + Private Sector)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Advisories (Singapore Authorities), Customer Alerts (Apple/Google/Dbs) and Media Statements On Mitigation Efforts.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Financial Fraud DBS540081825
Stakeholder Advisories: Singapore Monetary Authority (Mas) – Fraud Risk Warning, Apple Security Update (Ios 17.3+ Nfc Protections), Google Pay Fraud Prevention Guide.
Customer Advisories: DBS Bank: 'Beware of Ghost-Tapping Scams' (Dec 2024)Apple Support: 'Protect Your Apple Pay from Unauthorized Use'Singapore Police Force: 'Contactless Payment Fraud Alert'
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Singapore Monetary Authority (Mas) – Fraud Risk Warning, Apple Security Update (Ios 17.3+ Nfc Protections), Google Pay Fraud Prevention Guide, Dbs Bank: 'Beware Of Ghost-Tapping Scams' (Dec 2024), Apple Support: 'Protect Your Apple Pay From Unauthorized Use', Singapore Police Force: 'Contactless Payment Fraud Alert' and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Financial Fraud DBS540081825
Entry Point: Phishing Emails/Sms (Credential Harvesting), Mobile Malware (E.G., Fake Banking Apps), Dark Web Data Dumps (Previously Breached Cards),
Reconnaissance Period: Ongoing (Since at Least Q3 2024)
Backdoors Established: ['Persistent Access via Burner Phones', 'NFC Relay Infrastructure for Real-Time Exploitation']
High Value Targets: Apple Pay Users (502 Cases In Singapore), Dbs Bank Customers (Automated Attacks), Luxury Retailers (For Mule Purchases),
Data Sold on Dark Web: Apple Pay Users (502 Cases In Singapore), Dbs Bank Customers (Automated Attacks), Luxury Retailers (For Mule Purchases),
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Financial Fraud DBS540081825
Root Causes: Over-Reliance On Static Authentication For Wallet Onboarding, Lack Of Nfc Transaction Context Awareness (E.G., Geolocation), Delayed Detection Of Automated Credential Stuffing, Fragmented Law Enforcement Response To Cross-Border Fraud,
Corrective Actions: Apple/Google: Mandatory Biometric Reauthentication For Wallet Changes, Banks: Real-Time Nfc Transaction Monitoring, Retailers: Mule Behavior Analytics At Pos, Regulators: Stricter Kyc For Burner Phone Purchases,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Recorded Future (Threat Intelligence), Singapore Authorities (Investigation), Cybersecurity Firms (Forensic Analysis), , Nfc Transaction Anomaly Detection, Dark Web Monitoring For Stolen Credentials, Telegram Channel Surveillance (E.G., @Webu8), .
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Apple/Google: Mandatory Biometric Reauthentication For Wallet Changes, Banks: Real-Time Nfc Transaction Monitoring, Retailers: Mule Behavior Analytics At Pos, Regulators: Stricter Kyc For Burner Phone Purchases, .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Name: @webu8 (Telegram Handle)Affiliation: Chinese-Speaking Cybercriminal SyndicateRole: Supplier of Burner Phones, Ghost-Tapping Services, and Stolen CredentialsLocation: Cambodia, Location: China, Language: ChineseTools Used: NFCGate (Repurposed Android App), Tools Used: Automated Card Addition Scripts, Tools Used: Telegram for Criminal Coordination, Name: Unnamed Criminal SyndicatesAffiliation: Southeast Asian Cybercrime NetworksRole: Phishing Operators, Role: Money Mules, Role: Logistics Coordinators, Role: Dark Web Data Brokers, Location: Cambodia, Location: China, Location: Singapore (Targeted), Location: Global (Victims), Language: ChineseTools Used: Custom NFC Relay Servers, Tools Used: Automated Phishing Kits, Tools Used: Mobile Malware (Credential Theft) and .
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-10-01.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-12-31.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was $1.2 million SGD (Singapore alone, Q4 2024).
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Payment Card Credentials (656 cases in Singapore), Mobile Wallet Tokens (Apple Pay: 502 cases), Personally Identifiable Information (via Phishing/Malware) and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Apple PayGoogle PayDBS Bank Card SystemsRetail POS Terminals (NFC-Enabled)Mobile Wallet Authentication Servers.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was recorded future (threat intelligence), singapore authorities (investigation), cybersecurity firms (forensic analysis), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Enhanced MFA for Mobile Wallet OnboardingTransaction Velocity LimitsGeofencing for Suspicious NFC Transactions.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Personally Identifiable Information (via Phishing/Malware), Mobile Wallet Tokens (Apple Pay: 502 cases) and Payment Card Credentials (656 cases in Singapore).
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 866.0.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Ongoing Investigations (Singapore), Potential Charges for Money Mules, .
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Mobile Wallet Authentication Needs Adaptive, Context-Aware Controls.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was For: Banks (e.g., DBS), , For: Mobile Wallet Providers (Apple/Google), , For: Law Enforcement, , For: Consumers, , For: Retailers and .
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are NFCGate GitHub Repository (Legitimate Tool Abused), Singapore Police Force (SPF) Advisory, DBS Bank Security Bulletin and Recorded Future.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.recordedfuture.com, https://www.police.gov.sg, https://github.com/NFCGate/NFCGate, https://www.dbs.com .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Singapore Authorities + Private Sector).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Singapore Monetary Authority (MAS) – Fraud Risk Warning, Apple Security Update (iOS 17.3+ NFC Protections), Google Pay Fraud Prevention Guide, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an DBS Bank: 'Beware of Ghost-Tapping Scams' (Dec 2024)Apple Support: 'Protect Your Apple Pay from Unauthorized Use'Singapore Police Force: 'Contactless Payment Fraud Alert'.
Initial Access Broker
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Ongoing (Since at Least Q3 2024).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=dbs-bank' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
