Check Point Software Technologies has released its Singapore Cyber Threat Landscape 2025 report, revealing that ransomware accounted for 58% of all recorded cyber incidents in the country last year, with sophisticated threat groups stepping up double-extortion campaigns across both public and private sectors.

The report, produced by Check Point’s Exposure Management Research team, recorded more than 130 major incidents in 2025. Groups including Qilin and Lynx led ransomware activity, combining data exfiltration with encryption to maximise pressure on victims. In one documented case, a local chemical manufacturer allegedly lost 165 GB of sensitive data to the Qilin group.

Government and Retail Sectors Under Pressure

Government sites bore the brunt of distributed denial-of-service (DDoS) activity, accounting for 44% of all DDoS victims, with the majority of targets operating under the gov.sg domain. Business services followed at 30%. Hacktivist collectives including HIME666 and NullSec Philippines were identified as primary drivers of disruption.

In the data breach category, retail emerged as the most exposed sector despite not being the most frequently targeted overall. Retail accounted for 42% of all breach incidents recorded in 2025, reflecting the sensitivity of customer data held by the sector and the relative immaturity of its cyber defences compared with financial services.

AI-Driven Threats on the Horizon

The report flags AI-generated deepfakes and trust-based scams as the next major threat vector, with these techniques expected to move into the mainstream in 2026. Unlike traditional technical exploits, these attacks target human trust rather than system vulnerabilities, posing particular risks to Singapore’s financial sector.

“Singapore’s status as a global digital hub makes it a primary target for both financially motivated criminals and strategic nation-state actors. The 2025 landscape shows that attackers are successfully bypassing traditional controls through impersonation and social engineering. As we move into 2026, organisations must assume that trust, not just systems, will be exploited.”
— Rebecca Law, Country Manager, Singapore, Check Point Software

Check Point advises organisations to maintain tested incident response playbooks, establish clear escalation paths, and raise employee awareness. The firm recommends a proactive, prevention-first approach centred on safe-by-design remediation rather than reactive containment alone.

The full Singapore Cyber Threat Landscape 2025 report is available at checkpoint.cyberint.com.