Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    August 2014
    S M T W T F S
    « Jul    
     12
    3456789
    10111213141516
    17181920212223
    24252627282930
    31  
  • About Us

    Nov8
    3:35 am (UTC-7)   |    by

    Further analysis by Trend Micro researchers on the reported defacement of the Singapore Prime Minister Office website revealed that the website was not actually defaced  – attackers abused the search function of the Singapore PMO website to display an image that looks like a hacked version of the site.

    Sing_PMO

    Figure 1. Image shown from within the PMO website that falsely claims the site was hacked

    The attackers exploited an XSS vulnerability in the website’s search page by entering the code triggering the display of the image as the search string. This caused the web page to execute the code and display the image, along with text that said “ANONYMOUS SG WAS HERE BIATCH~”, giving the impression that the website was defaced.

    We’d like to point out that the Singapore PMO website remains intact, and was not compromised in any way. Visitors of the site will not be able to see the image, since it is only accessible if the URL with the injected script embedded is accessed. The attackers drove users into the link with the displayed image by distributing the URL through social media.

    This attack is a form of cross-site scripting or XSS and has been seen in many attacks in the past, including those that affected other government websites. XSS vulnerabilities are low-hanging fruits for attackers since the likelihood of a website having them is very high, thus it is seen as one of the easier routes in terms of attacking a website.

    This ease in execution for hackers, however, is paralleled by great risks for the potential targets. While the attack on the PMO website only triggered the display of an image, we have seen other attacks that triggered redirections to malicious sites, leading visitors to malware.

    We strongly recommend website developers to make sure that their sites are fully secure against XSS attacks through the following means:

    1. Review the website code regularly to make sure that it is configured to prevent code injection. This can be done by setting up limitations for input contents in order to reject special characters, as well as sanitizing output byHTML-encoding user input/strings.
    2. Scan for web application vulnerabilities to identify possible attack vectors and address them immediately.




    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    • jungleboy

      I doubt the state, consumed by its own insecurity, will acknowledge the views of a foreign-based organisation – or is it a multinational? :P



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice