Website defacement is the electronic graffiti of choice for most “Hacktivists” these days. According to Wikipedia – Website defacement is “an attack on a website that changes the visual appearance of the site or a webpage”. It is an unauthorized access and edit to the website, mostly without the knowledge of the site owner.

When a hacker manages to steal administrative control of a website they can launch a defacement attack via many methods including “SQL Injection”, one of the most deadly attack vectors. Historically, defacement has been a harmless prank to inflict public relation agony on the target enterprise. But recent trends are alarming, more often than not, website defacements are being used to spread malware and stealing essential data from target entity.

CERT-In, has an excellent program focused around raising the awareness of the extent of web defacement malice across Indian websites. Analysis here, leverages the data collected and published by CERT-In on their website (Web Defacement Statistics – http://www.cert-in.org.in/)

Key Take Aways:

1.  Disproportionately higher impact for .in domains compared to .com domains

2.  Owners of .com websites got their defences strengthened during 2013

3.  Scary, fearful, insecure future for those who indulge in unprotected online commerce

 

1. Disproportionately higher impact for .in domains compared to .com domains

According to CERT-In data, between 2010 and 2013, .in websites had 225% more instance of defacement compared to .com sites. More SMB’s tend to host their website on an .in domain extensions compared to .com. One can correlate SMBs lack of dedicated security programs to consistent higher website defacement rates observed by a typical .in domains compared to .com.

defacement_1

Average Monthly Defacements – By Top Level Domain Type

 

 2. Owners of .com websites got their defences strengthened during 2013

This trend seems to have been aggravated in the New Year. During January 2014, .in websites had 2170 defacement instances compared to 548 for .com websites. .in domains experienced a whopping 4x more defacement instances compared to .com websites.

defacement_2

Between 2012 and 2013, instances of .in website defacement went up by 37% compared to a 33% reduction in website defacement across .com domains. These trends clearly indicate that the .com website owners are deploying security service like IndusGuard Malware Monitoring ( to detect and mitigate website defacements. )

defacement_3

3. Scary, fearful, insecure future for those who indulge in unprotected online commerce

If you are a website owner, you owe it to your customers, visitors and stakeholders (including shareholders and employees) to get serious about securing the front doors of your online megastores. Hope is a great thing; we hope you don’t get hacked. We hope your applications are as secure as they deserve to be. But false hope is equally dangerous.

“ We cling with both arms to false hope, refusing to believe the weightiest proofs against it, embracing it with all our strength “

– from “The Postmaster” by Rabindranath Tagore

Invest time to get a free scan from IndusGuard Web to see what hackers most likely already know about your website’s weaknesses. Ensure on-going monitoring of malware and application vulnerability with our IndusGuard Premium and IndusGuard Malware Monitoring services. Do you have a mobile applications, get is audited by our IndusGuard Mobile application security service.

Someone once said, “Luck happens when preparation meets opportunity”, you have identified an opportunity, and your website is ready. BUT are you prepared for the uncertain world of cybercrime? We can help. Please contact sales@indusface.com

Founder & Chief Marketing Officer, Indusface

Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in security industry and had held various mgmt/leadership roles in Product Development, Professional Services and Sales @Entrust.