SQL Injection Attacks Affecting Singapore Websites

Amidst global reports of ongoing website defacement campaigns, SingCERT has observed Structured Query Language (SQL) injection attacks against a few websites belonging to local organisations, which have led to unauthorised access, website defacement, and/or compromise of sensitive customer or organisational data. Organisations that maintain an online presence must remain vigilant against potential cyber-attacks on their websites.

 Measures to Secure Your Website Against SQL Injections

 Organisations are urged to:

• Install web application firewalls and security plugins to block unauthorised traffic and malicious requests from accessing your network or system. These help to safeguard against threats like SQL code injection, or brute-force attacks.
• Limit the privileges of the user account that is used to access the database. This action can help prevent threat actors from accessing sensitive data or executing malicious SQL code.
• Validate user input, such as special characters and null characters, at both the client and server ends.
• Keep the database software and any associated applications up to date with the latest security patches and updates. This can help prevent known vulnerabilities from being exploited by threat actors.
• Use stored procedures, which can help prevent SQL injection attacks by separating the SQL code from the user input. This ensures that the user input is treated as data rather than as part of the SQL code.

For more preventive measures and recovery steps, please refer to our advisory on Protecting Your Website From Cyber-Attacks: https://www.csa.gov.sg/alerts-advisories/Advisories/2022/ad-2022-007

Singapore organisations who are affected by a cyber incident or have evidence of any suspicious compromise of your networks should report to SingCERT. A report can be made via SingCERT’s Incident Reporting Form at https://go.gov.sg/singcert-incident-reporting-form.