Rising AI cyber threats challenge Singapore’s financial sector

[SINGAPORE] Generative artificial intelligence (AI) is fuelling a new wave of fraud and scams, posing one of the most pressing cyber threats to the financial industry today. Although Singapore recorded the fewest ransomware incidents in Southeast Asia last year, it emerged as the region’s leading origin point for cyberattacks, with 21.9 million incidents traced back to compromised servers within the country in 2024.

Experts point out that Singapore’s cutting-edge digital infrastructure, while advantageous for businesses, also renders it an appealing target for cybercriminals seeking to exploit its high-speed connectivity and widespread tech integration. As a regional financial hub, Singapore’s exposure to cyber risks is significantly amplified, demanding increased vigilance across both public and private sectors.

According to the latest Navigating Cyber 2025 report by the Financial Services Information Sharing and Analysis Center (FS-ISAC), released on Tuesday (May 20), these evolving threats present cybercriminals with fresh opportunities to exploit geopolitical tensions and economic instability. Traditional attack methods such as ransomware and distributed denial of service (DDoS) are also becoming more sophisticated.

A growing concern highlighted in the report is the proliferation of "AI-as-a-service" offerings on the dark web. These platforms allow bad actors to rent generative AI tools capable of producing realistic phishing emails or deepfake videos, effectively lowering the barrier to entry for less-skilled cybercriminals and enabling more polished, convincing attacks.

FS-ISAC CEO Steve Silberstein remarked, “The interconnected nature of the global financial system and its ongoing adoption of emerging technologies add to the complexity. Enhancing cross-border collaboration and intelligence sharing is key to protecting the sector.”

In light of rising threats, the Monetary Authority of Singapore (MAS) has introduced stricter compliance measures for financial institutions, including mandatory stress testing to assess resilience against AI-driven fraud. These steps are intended to help banks and fintechs detect and address vulnerabilities before they escalate into large-scale breaches.

Key Strategies for Financial Institutions

1. Bolster Investment in Fraud Prevention

The report urges financial institutions to ramp up their fraud prevention and detection capabilities, particularly as cybercriminals exploit real-time payments and cryptocurrencies—making stolen funds nearly impossible to retrieve.

To stay ahead, firms are deploying behavioural biometrics—monitoring patterns like keystroke rhythms and mouse movements—to flag suspicious activity without disrupting user experience. “Smart friction” approaches are also gaining traction, delaying certain transactions just enough to allow for verification without significantly affecting convenience.

Cross-functional collaboration between fraud and cybersecurity teams, especially through intelligence sharing, is also seen as critical in combating sophisticated scams.

2. Employ AI Defensively, Reinforce Cyber Hygiene

As cybercriminals use generative AI for impersonation scams targeting top executives and IT staff, financial firms are expected to double down on fundamental cyber hygiene and comprehensive employee training.

3. Tighten Third-Party Risk Oversight

Third-party breaches remain a weak link. Notably, 2024 saw a 137.5% surge in Telegram scams, while over 100 public officials in Singapore were targeted by AI-powered malicious campaigns.

The FS-ISAC report warns that vendors such as cloud providers and payment processors are increasingly being exploited. Regular audits, stricter contracts, and improved breach notification requirements are now essential. Given that many institutions rely on shared service providers, a single compromise could have cascading effects across the sector.

To mitigate these risks, firms are being urged to strengthen API security and enhance oversight of supplier cybersecurity compliance, aligning with emerging regulatory expectations.

4. Accelerate Quantum-Resilience Planning

With quantum computing progressing rapidly, financial institutions are being advised to start migrating sensitive assets to crypto-agile encryption algorithms that can withstand future quantum threats.

FS-ISAC’s Chief Intelligence Officer Teresa Walsh emphasized, “To build operational resilience, financial firms must adopt a proactive stance—embracing forward-looking threat modelling, agile defences, and international cooperation.”