Singapore and Google partner on Web Risk to protect citizens from online scams and phishing
Jeffery Eman
Security Architect, User Protection Services
Badr Salmi
Product Manager Lead, Web Risk, User Protection Services
With a growing number of internet users and ever-more services moving online, the security, scam, and fraud landscape is rapidly changing. Governments and the private sector are investing to provide protection for their employees and the end-users of their services.
The Government Technology Agency of Singapore (GovTech) and Google Cloud are announcing a partnership to use Google Cloud Web Risk to better protect Singapore citizens and residents from online scams and phishing. Under the partnership, Google Cloud Web Risk will provide Singapore with threat intelligence about malicious websites and phishing pages through its various APIs. This information will then be used to block access to identified malicious websites and phishing pages to protect Singapore citizens and residents with a red warning in the browser.
Figure 1: Browser warning shown to users on malicious sites.
Web Risk enables users to detect if a URL is violating any Safe Browsing policies, evaluate how risky a URL is, and submit URLs to Google Cloud for scanning. Google Safe Browsing is a constantly updated database of malicious sites and content. If a URL violates any Safe Browsing policies, it will be added to the Safe Browsing blocklist that protects more than 5 billion devices within minutes. This provides a unique set of capabilities to protect end users against malicious attacks such as phishing and malware.
“Our partnership with Google Cloud is part of GovTech’s efforts to stay ahead of cybercrime and maintain a safe digital space for Singaporeans. Web Risk augments our capabilities at the Government Cyber Security Operations Centre, enabling us to scan more websites, detect new threats, and shorten our response time. We will continue to strengthen these defenses as we build our Smart Nation,” said Goh Wei Boon, chief executive officer of GovTech.
Web Risk will be integrated into the cybersecurity ecosystem led by Singapore’s Government Cyber Security Operations Centre (GCSOC). GCSOC uses their own automated tools, such as PhishMonSG, to consolidate thousands of potentially malicious phishing websites daily from commercial feeds and crowdsourced initiatives such as ScamShield. After deduplication and normalization, they use the Google Web Risk Evaluate API to evaluate the risk level of a suspected website. Only sites deemed as risky are escalated for blocking via Web Risk’s Submission API.
Jeff Reed, vice president, Security Products, Google Cloud, said, “The Singapore government has comprehensive strategies to systematically combat online scams. We were impressed by their ability to organize and consolidate crowdsourced data and commercial feeds into a single location for vetting and disruption. Their work, combined with Google’s amazing threat visibility across billions of URLs we examine each day and Web Risk’s unique capabilities in the market will allow us to significantly enhance the protection of Singapore's cyberspace.”
Figure 2: High level workflow on processing malicious websites
Andre Ng, cybersecurity engineer and engineering lead, GovTech’s PhishMonSG, said, “What Web Risk brings to the table is an additional and automated means of disruption that helps us verify and block malicious URLs within minutes to a few hours, removing threats before they cause harm to Singaporeans.”
Speak to a Web Risk expert today to provide a safer online environment for your users.