State of Website Defacement in India

Posted DateFebruary 28, 2014
Posted Time 3   min Read

Website defacement is the electronic graffiti of choice for most “Hacktivists” these days. According to Wikipedia – Website defacement is “an attack on a website that changes the visual appearance of the site or a webpage”. It is unauthorized access and edits to the website, mostly without the knowledge of the site owner.

When a hacker manages to steal administrative control of a website they can launch a defacement attack via many methods including “SQL Injection”, one of the most deadly attack vectors. Historically, defacement has been a harmless prank to inflict public relation agony on the target enterprise. But recent trends are alarming, more often than not, website defacements are being used to spread malware and stealing essential data from the target entity.

CERT-In has an excellent program focused on raising the awareness of the extent of web defacement malice across Indian websites. The analysis here leverages the data collected and published by CERT-In on their website (Web Defacement Statistics –

Key Take-Aways:

1.  Disproportionately higher impact for .in domains compared to .com domains

2.  Owners of .com websites got their defenses strengthened during 2013

3.  Scary, fearful, insecure future for those who indulge in unprotected online commerce

1. Disproportionately higher impact for .in domains compared to .com domains

According to CERT-In data, between 2010 and 2013, .in websites had 225% more instances of defacement compared to .com sites. More SMB’s tend to host their website on a .in domain extensions compared to .com. One can correlate SMB’s lack of dedicated security programs to consistent higher website defacement rates observed by typical .in domains compared to .com.

Security Programs

Average Monthly Defacements – By Top Level Domain Type


 2. Owners of .com websites got their defenses strengthened during 2013

This trend seems to have been aggravated in the New Year. During January 2014, .in websites had 2170 defacement instances compared to 548 for .com websites. .in domains experienced a whopping 4x more defacement instances compared to .com websites.

Website Defacement

Between 2012 and 2013, instances of .in website defacement went up by 37% compared to a 33% reduction in website defacement across .com domains. These trends clearly indicate that the .com website owners are deploying security services like Indusface Malware Monitoring ( to detect and mitigate website defacements. )

Malware Monitoring

3. Scary, fearful, insecure future for those who indulge in unprotected online commerce

If you are a website owner, you owe it to your customers, visitors, and stakeholders (including shareholders and employees) to get serious about securing the front doors of your online megastores. Hope is a great thing; we hope you don’t get hacked. We hope your applications are as secure as they deserve to be. But false hope is equally dangerous.

“ We cling with both arms to false hope, refusing to believe the weightiest proofs against it, embracing it with all our strength “

– from “The Postmaster” by Rabindranath Tagore

Invest time to get a free scan from Indusface Website Scanning to see what hackers most likely already know about your website’s weaknesses. Ensure ongoing monitoring of malware and application vulnerability with our Indusface Premium and Indusface Malware Monitoring services. Do you have a mobile application, get it audited by our Indusface Mobile application security service.

Someone once said, “Luck happens when preparation meets opportunity”, you have identified an opportunity, and your website is ready. BUT are you prepared for the uncertain world of cybercrime? We can help. Please contact

web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.