Website defacement is the electronic graffiti of choice for most “Hacktivists” these days. According to Wikipedia, website defacement is “an attack on a website that changes the visual appearance of the site or a webpage”. It involves unauthorized access and edits to the website, mostly without the knowledge of the site owner.
When a hacker manages to steal administrative control of a website, they can launch a defacement attack via many methods, including “SQL Injection”, one of the most deadly attack vectors. Historically, defacement has been a harmless prank to inflict public relations agony on the target enterprise. But recent trends are alarming: more often than not, website defacements are being used to spread malware and steal essential data from the target entity.
CERT-In has an excellent program focused on raising awareness of the extent of web defacement malice across Indian websites. The analysis here leverages the data collected and published by CERT-In on their website (Web Defacement Statistics – http://www.cert-in.org.in/).
According to CERT-In data, between 2010 and 2013, .in websites had 225% more instances of defacement compared to .com sites. More SMBs tend to host their websites on a .in domain extension compared to .com. One can correlate SMBs' lack of dedicated security programs with the consistently higher website defacement rates observed on typical .in domains compared to .com.
Average Monthly Defacements – By Top Level Domain Type
This trend seems to have been aggravated in the New Year. During January 2014, .in websites had 2170 defacement instances compared to 548 for .com websites. .in domains experienced a whopping 4x more defacement instances compared to .com websites.
Between 2012 and 2013, instances of .in website defacement went up by 37% compared to a 33% reduction in website defacement across .com domains. These trends clearly indicate that the .com website owners are deploying security services like Indusface Malware Monitoring to detect and mitigate website defacements.
If you are a website owner, you owe it to your customers, visitors, and stakeholders (including shareholders and employees) to get serious about securing the front doors of your online megastores. Hope is a great thing; we hope you don’t get hacked. We hope your applications are as secure as they deserve to be. But false hope is equally dangerous.
Invest time to get a free scan from Indusface Website Scanning to see what hackers most likely already know about your website’s weaknesses. Ensure ongoing monitoring of malware and application vulnerability with our Indusface Premium and Indusface Malware Monitoring services. Do you have a mobile application? Get it audited by our Indusface Mobile application security service.
Someone once said, “Luck happens when preparation meets opportunity”. You have identified an opportunity, and your website is ready. BUT are you prepared for the uncertain world of cybercrime? We can help. Please contact sales@indusface.com.
This post was last modified on May 18, 2021 12:55