Singapore Hit by 21 Million Cyberattacks in 2024 as Ransomware Strikes Major Banks In April 2024, Singapore faced a significant cybersecurity breach when a ransomware attack on a printing vendor exposed sensitive customer data from DBS and the Bank of China’s Singapore branch (BOC). The incident compromised 8,200 DBS customers and 3,000 BOC customers, with stolen data including names, addresses, and, in some cases, loan account numbers. Neither bank reported compromised login credentials. The attack highlights Singapore’s growing vulnerability to ransomware, which led Asean in cyberattacks in 2024, with 21 million incidents targeting compromised servers. Ransomware, a type of malware that encrypts or locks data until a ransom is paid, has evolved into more sophisticated threats, including double-extortion (threatening data leaks) and triple-extortion (targeting customers or partners). Some variants, like wipers, destroy data even after payment. Banks are particularly high-value targets due to their real-time operations and sensitive data. Experts warn that attacks can disrupt online banking, payment systems, and trigger prolonged recovery efforts, compliance audits, and regulatory scrutiny. AI-powered ransomware further complicates defenses by adapting during attacks. Cybersecurity professionals emphasize that ransomware groups now prioritize data theft over encryption, leveraging stolen information for long-term extortion. Many attacks begin with weeks or months of reconnaissance, allowing hackers to bypass defenses before striking. While organizations deploy tools like Endpoint Detection and Response (EDR) and Identity Access Management (IAM), a layered security approach aligned with frameworks like NIST is critical. Smaller vendors, often lacking robust cybersecurity, remain a weak link in supply chain attacks.

DBS Bank, a leading financial institution in Singapore, fell victim to a ghost-tapping cyberattack targeting its customers' payment cards linked to mobile wallets like Apple Pay. Between October and December 2024, cybercriminals—primarily Chinese-speaking threat actors—exploited NFC relay techniques to conduct in-person retail fraud using stolen card credentials. The attack involved automated systems to harvest and add compromised DBS Bank cards to mobile wallets at 4-8 minute intervals, bypassing authentication measures. A total of 656 incidents were reported, with 502 cases specifically tied to Apple Pay, resulting in financial losses exceeding $1.2 million SGD. The ghost-tapping ecosystem leveraged burner phones, NFCGate tools, and a criminal supply chain spanning Cambodia and China, enabling real-time relay of tokenized payment data to money mules at retail terminals. The attack exploited legitimate NFC protocols, circumventing multi-factor authentication and time-limited security features. While no large-scale data breach of DBS’s core systems was confirmed, the incident exposed vulnerabilities in contactless payment security, leading to direct financial fraud against customers and reputational risks for the bank due to media coverage of the sophisticated attack method.