Website defacement is the electronic graffiti of choice for most “Hacktivists” these days. According to Wikipedia – Website defacement is “an attack on a website that changes the visual appearance of the site or a webpage”. It is unauthorized access and edits to the website, mostly without the knowledge of the site owner.
When a hacker manages to steal administrative control of a website they can launch a defacement attack via many methods including “SQL Injection”, one of the most deadly attack vectors. Historically, defacement has been a harmless prank to inflict public relation agony on the target enterprise. But recent trends are alarming, more often than not, website defacements are being used to spread malware and stealing essential data from the target entity.
CERT-In has an excellent program focused on raising the awareness of the extent of web defacement malice across Indian websites. The analysis here leverages the data collected and published by CERT-In on their website (Web Defacement Statistics – http://www.cert-in.org.in/)
According to CERT-In data, between 2010 and 2013, .in websites had 225% more instance of defacement compared to .com sites. More SMB’s tend to host their website on a .in domain extensions compared to .com. One can correlate SMBs lack of dedicated security programs to consistent higher website defacement rates observed by typical .in domains compared to .com.
Average Monthly Defacements – By Top Level Domain Type
This trend seems to have been aggravated in the New Year. During January 2014, .in websites had 2170 defacement instances compared to 548 for .com websites. .in domains experienced a whopping 4x more defacement instances compared to .com websites.
Between 2012 and 2013, instances of .in website defacement went up by 37% compared to a 33% reduction in website defacement across .com domains. These trends clearly indicate that the .com website owners are deploying security service like Indusface Malware Monitoring ( to detect and mitigate website defacements. )
If you are a website owner, you owe it to your customers, visitors, and stakeholders (including shareholders and employees) to get serious about securing the front doors of your online megastores. Hope is a great thing; we hope you don’t get hacked. We hope your applications are as secure as they deserve to be. But false hope is equally dangerous.
Invest time to get a free scan from Indusface Website Scanning to see what hackers most likely already know about your website’s weaknesses. Ensure on-going monitoring of malware and application vulnerability with our Indusface Premium and Indusface Malware Monitoring services. Do you have a mobile application, get is audited by our Indusface Mobile application security service.
Someone once said, “Luck happens when preparation meets opportunity”, you have identified an opportunity, and your website is ready. BUT are you prepared for the uncertain world of cybercrime? We can help. Please contact firstname.lastname@example.org
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. He was instrumental in building the product/service and technology team from scratch and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. He has proven experience (10+ years) in the security industry and has held various mgmt/leadership roles in Product Development, Professional Services, and Sales during his time at Entrust Data card.