SINGAPORE - The number of malware-infected systems detected in Singapore more than doubled to 284,300 in 2025, driven by persistent malicious activity and improved detection of botnet devices.This is an increase from 117,300 infected systems detected in 2024, according to the latest Singapore Cyber Landscape report published on Jun 30.Botnet devices are computers, servers, or internet-of-things (IoT) devices that malware has taken over, allowing an operator to control them remotely.“The continued profitability of malware-as-a-service operations, coupled with widespread use of consumer internet-of-things devices with weak security configurations or unpatched firmware, has created more opportunities for botnet operators,” said the Cyber Security Agency of Singapore (CSA) in a statement on the report.To boost efforts in securing consumer IoT devices, all residential routers sold in Singapore will need to meet more stringent requirements set out by the agency by end-2027.Currently, all residential routers sold in Singapore must meet the basic level 1 requirements – such as having unique default passwords and updated software – under CSA’s Cybersecurity Labelling Scheme.Routers will soon need to meet level 2 requirements, including stronger security for communications, storage of sensitive data and methods to verify users.In its 10th edition, the report highlighted key trends in the cybersecurity landscape, which includes the introduction of AI agents and frontier AI models that can automate and accelerate cyberattacks.“Vulnerabilities are weaponised within hours or even minutes, spreading across networks and supply chains before defenders can mobilise, as threat actors leverage AI to scale up both their speed of mass exploitation of vulnerabilities and the evasiveness of their malware,” said David Koh, commissioner of cybersecurity and CSA chief executive in the report.The outgoing chief, Singapore’s first cybersecurity czar, will be replaced by senior civil servant Gwenda Fong on July 1.The emergence of autonomous AI models such as Anthropic’s Mythos can also significantly shorten the time needed to conduct attacks, and lower the barrier of entry for less skilled attackers, said CSA.It added that the misuse of OpenClaw, a legitimate open-source agentic AI tool, has also shown how such technologies can be weaponised to breach development pipelines at scale.The use of AI is also aiding scam operations by enabling threat actors to generate realistic voice clones and deepfake videos at scale, and develop tools capable of bypassing multi-factor authentication.Despite this, phishing activity detected in Singapore fell by around 20 per cent to 4,800 reported cases in 2025, from 6,100 cases in 2024.ST has contacted CSA for more information on the cause for this fall. The agency said in its report that these reported statistics likely under represent the true scale of phishing activity, as many incidents go unreported.Companies that are most spoofed by scammers in phishing attempts include those in the banking and financial services sector, followed by government, and logistics.“Based on the reported cases in 2025, threat actors most frequently impersonated Japanese financial institutions that were likely unfamiliar to most Singapore consumers,” said CSA in its report.The number of reported ransomware cases also increased slightly to 165 cases in 2025, from 159 cases in 2024.Small and medium enterprises (SMEs) continue to be disproportionately affected due to comparatively lower cybersecurity maturity and limited resources, said CSA, adding that set up of the Cyber Resilience Centre is meant to assist SMEs with cybersecurity health checks and recovery assistance.