IT security vendor, Trend Micro Incorporated shares that the recently compromised Singapore Prime Minister Office (PMO)’s website remains to be intact, with visits unaffected. Through analysis by its threat experts, Trend Micro found that the attack was not a result of a hacking attack, but an exploitation of vulnerability within the website.

Based on Trend Micro’s analysis, the Singapore PMO’s website incident was a result of a typical Cross Site Scripting (XSS) where the cybercriminal exploited the ‘search’ function on the website, and injected content from external sources. In this particular instance, the cybercriminal had redirected the URL to the criminal’s intended image.

It was found that the exploited URL was broadcasted across various social networking sites including Twitter, Facebook and more, implying that the Singapore PMO website has been defaced. With the exploited link referencing to Singapore PMO website’s official URL (www.pmo.gov.sg), when clicked on, unsuspecting visitors and consumers were tricked into thinking that the exploited link was a real defaced Singapore PMO website. With the cybercriminal’s choice of image, visitors and consumers were led to believing the compromise was by global hacker group, Anonymous Collective.

Over the past couple of weeks, online assets of several government organizations in Singapore have been compromised by cyber criminals causing service disruptions and more. Trend Micro advises organizations to conduct regular checks on the robustness of their IT infrastructure against exploitations of possible loopholes.

Trend Micro recommends organizations the following steps to check the health of their online assets, to better protect themselves against exploitations of vulnerabilities:

  1. Scan for web application vulnerabilities.
  2. Review HTML codes to ensure that search functions are not compromised, including setting up limitations in input content to reject special characters, sanitizing output through HTML-encoding of user input or strings.
  3. To ensure complete safety in the short run, disable website search functions.

Leave a Reply