Advisory 2

TLP Rating: Clear

CERT Vanuatu and the Office of the Chief Information Officer (OGCIO) have identified the following threats:

  1. SQL injection attempts: Multiple probing and SQL injection attempts over HTTP requests from international IP sources have been constantly recorded.
  2. Multiple minor traits of phishing attempts, ransomware, and URL manipulation have been logged and analysed.

What systems are affected?

Web-based and network platforms have detected continuous SQL injection attempts against web servers, proxy servers and networks. The analysis has shown traits of scripts probing for open vulnerable web ports.

What does this mean?

The analysis has shown traits of automated scripts probing for open vulnerable web ports. The behaviour of these security events indicates continuous attempts to check security settings on several systems in Vanuatu. No severe damage has been caused by these injection attempts.

Mitigation Process

  1. Update computer systems with the latest available updates.
  2. Strengthen firewalls, proxy rules and policies to filter out known attack behaviours.
  3. Block off malicious IP (source) ranges.
  4. Implement honeypots to capture such threats for research and analysis.
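
As an added illustration of mitigations 2 and 3 (not part of the original advisory and not CERT Vanuatu's tooling), the Python sketch below scans web access log lines for SQL injection probe signatures and lists the source IPs that hit them repeatedly, as candidates for review before blocking. The log lines, IP addresses, signature list and threshold are constructed assumptions for this example.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample log (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +1100] "GET /item.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:02 +1100] "GET /item.php?id=1+UNION+SELECT+NULL,NULL-- HTTP/1.1" 500 0
203.0.113.7 - - [01/Jan/2024:10:00:03 +1100] "GET /item.php?id=1;SELECT%20SLEEP(5) HTTP/1.1" 200 512
198.51.100.20 - - [01/Jan/2024:10:00:04 +1100] "GET /search?q=union+membership+forms HTTP/1.1" 200 2048
198.51.100.20 - - [01/Jan/2024:10:00:05 +1100] "GET /news?id=42 HTTP/1.1" 200 1024
192.0.2.55 - - [01/Jan/2024:10:00:06 +1100] "GET /login?user=admin%2527-- HTTP/1.1" 403 0
"""

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')

# Illustrative signatures only; a production rule set (e.g. a WAF's) is far broader.
SQLI_PATTERNS = [re.compile(p, re.I) for p in (
    r"\bunion\s+(all\s+)?select\b",
    r"['\"]\s*(or|and)\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+",
    r"\b(sleep|benchmark)\s*\(",
    r"\binformation_schema\b",
    r"['\"]\s*(--|#|/\*)",
)]

def fully_decode(value, max_rounds=3):
    """Undo nested URL encoding (e.g. %2527) so signatures see the real text."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def count_sqli_hits(log_text):
    """Return a Counter of source IP -> number of requests matching a signature."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and any(p.search(fully_decode(m.group(2))) for p in SQLI_PATTERNS):
            hits[m.group(1)] += 1
    return hits

def block_candidates(hits, threshold=2):
    """Sources with repeated hits: candidates for review before firewall blocking."""
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    hits = count_sqli_hits(SAMPLE_LOG)
    print(dict(hits), block_candidates(hits))
```

The benign search for "union membership forms" is not flagged, and the double-encoded quote is caught only because the request target is decoded repeatedly before matching.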