State of Website Defacement in India
February 28, 2014
Website defacement is the electronic graffiti of choice for most “Hacktivists” these days. According to Wikipedia – Website defacement is “an attack on a website that changes the visual appearance of the site or a webpage”. It is unauthorized access and edits to the website, mostly without the knowledge of the site owner.
When a hacker manages to steal administrative control of a website they can launch a defacement attack via many methods including “SQL Injection”, one of the most deadly attack vectors. Historically, defacement has been a harmless prank to inflict public relation agony on the target enterprise. But recent trends are alarming, more often than not, website defacements are being used to spread malware and stealing essential data from the target entity.
CERT-In has an excellent program focused on raising the awareness of the extent of web defacement malice across Indian websites. The analysis here leverages the data collected and published by CERT-In on their website (Web Defacement Statistics – http://www.cert-in.org.in/)
Key Take-Aways:
1. Disproportionately higher impact for .in domains compared to .com domains
2. Owners of .com websites got their defenses strengthened during 2013
3. Scary, fearful, insecure future for those who indulge in unprotected online commerce
1. Disproportionately higher impact for .in domains compared to .com domains
According to CERT-In data, between 2010 and 2013, .in websites had 225% more instances of defacement compared to .com sites. More SMB’s tend to host their website on a .in domain extensions compared to .com. One can correlate SMB’s lack of dedicated security programs to consistent higher website defacement rates observed by typical .in domains compared to .com.
Average Monthly Defacements – By Top Level Domain Type
2. Owners of .com websites got their defenses strengthened during 2013
This trend seems to have been aggravated in the New Year. During January 2014, .in websites had 2170 defacement instances compared to 548 for .com websites. .in domains experienced a whopping 4x more defacement instances compared to .com websites.
Between 2012 and 2013, instances of .in website defacement went up by 37% compared to a 33% reduction in website defacement across .com domains. These trends clearly indicate that the .com website owners are deploying security services like Indusface Malware Monitoring ( to detect and mitigate website defacements. )
3. Scary, fearful, insecure future for those who indulge in unprotected online commerce
If you are a website owner, you owe it to your customers, visitors, and stakeholders (including shareholders and employees) to get serious about securing the front doors of your online megastores. Hope is a great thing; we hope you don’t get hacked. We hope your applications are as secure as they deserve to be. But false hope is equally dangerous.
“ We cling with both arms to false hope, refusing to believe the weightiest proofs against it, embracing it with all our strength “
– from “The Postmaster” by Rabindranath Tagore
Invest time to get a free scan from Indusface Website Scanning to see what hackers most likely already know about your website’s weaknesses. Ensure ongoing monitoring of malware and application vulnerability with our Indusface Premium and Indusface Malware Monitoring services. Do you have a mobile application, get it audited by our Indusface Mobile application security service.
Someone once said, “Luck happens when preparation meets opportunity”, you have identified an opportunity, and your website is ready. BUT are you prepared for the uncertain world of cybercrime? We can help. Please contact sales@indusface.com
