Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Website Defacement: A 3-step Defense Strategy

The Cyber Security Agency (CSA) of Singapore recently reported that there were 419 defaced ‘.sg’ websites in 2021, mainly belonging to SMEs – a decrease of 15 per cent from 495 in 2020. This downward trend could be attributed to hacktivist activities moving to other platforms with potentially wider reach, such as social media sites.

Understanding website defacement attack

Website defacement and vandalism is not new. Simply put, it’s a virtual graffiti or vandalism, where hackers deface a website by changing its appearance or content. Sometimes, they might even subvert the website by injecting malicious code that infects customers’ computers or phones with viruses, execute phishing scams or install crypto miners. A notable example happened in 2002 when hackers placed a fake front page and six stories on the front page of USA Today’s website. In 2013, the Singapore prime minister’s website was defaced. More recently, Ukraine claimed its government websites were defaced.

Website defacement can be accomplished by gaining access to a company’s content management system (CMS). Many sites, including those of news media and retailers, are driven almost entirely by a CMS, and if the bad actors can break into that system by stealing credentials, exploiting software vulnerabilities, or getting access to private networks, they can change the displayed content quite easily.

No matter the technical cause, this is serious. Cyberattacks against public-facing websites, regardless of size, are common and may result in website defacement and other forms of vandalism. Such attacks “can gravely damage the reputation of the website and its owner.” For example, corporate and personal websites that fall victim to defacement may experience financial loss due to eroded user trust or a decrease in website visitors.

That brings up the question of motivation. Sometimes the defacement is a crime of opportunity: Hackers want to plant malware and scan high-traffic websites looking for vulnerabilities that will give them access to the front-end web server or the back-end content database. Yet other times, the vandalism deliberately targets a specific government agency, business, or non-profit organization.

Read More: MemryX Inc. Opens R&D center in Bangalore, India – Advancing Simple and Scalable Processing Solutions for Edge AI

The motives vary. Perhaps the hackers wish to specifically hurt or embarrass a company. Perhaps they want to plant malware to help them mine cryptocurrency using your computer, or to steal end-user credentials. Perhaps they are seeking to make a political statement. Perhaps they’re bored or showing off. Perhaps they are looking to gain attention for themselves or their cause. Perhaps it’s a dry run for a state-sponsored entity’s cyberwarfare brigade. Who knows?

At the end of the day, the reasons for the attack shouldn’t matter, at least not to the victim. Leave those psychological analyses and crime forensics to the police or the Security and Intelligence Division (SID), while you focus on the real challenges of keeping your corporate IT assets, including your website, safe and secure from hackers and vandals.

Could your company’s site be defaced by competitors, hacktivists, state-sponsored actors, or even those seeking to plant malware onto unsuspecting end users? It’s possible. Fortunately, it’s also preventable.

Here is a three-pronged approach to preventing, responding to, and rebuilding after a website vandalism attack:
Related Posts
1 of 11,183

Plan. Seek to prevent an attack by hardening your defenses, enabling strong encryption and user authentication systems, ensuring there are no exploitable vulnerabilities, and creating comprehensive data backups.

Check your software platforms:

  1. Have you installed all the patches and fixes?
  2. Are you monitoring industry threat notifications for warnings about new vulnerabilities?
  3. Are your contractors and in-house software developers following the best practices for secure programming and testing?
  4. Are your vendors performing at the highest, most secure level, such as by seeking ISO 27001 certification?

To borrow a concept from the airline industry, make sure aircraft materials are not easily flammable, nothing can make sparks, and smoking is prohibited near the fuel depot.

Respond. Assume your preventative measures won’t be sufficient to block the attack. If vandals manage to gain access to your systems, it’s essential to detect and react quickly before damage can occur. For detection, monitor logs, look for anomalies, and be wary for anything out of the usual. Respond by setting up measures to take down your website automatically if vandalism or other breaches occur, while sealing everything off to prevent further harm, preserve evidence, and begin the recovery.

Recommended News: HGS Continues to Expand its Digital Focus, Announces Acquisition

That is, install heat and smoke detectors and automatic sprinklers in case a fire does break out, with lots of red lights and sirens.

Recover. You don’t want to plan for failure, but you should always assume that an attack will succeed. Make sure those backups work. Prepare for contingencies of all sorts. Put up a “This page is down for maintenance” message on your site. Use it until an off-site server or failover database goes online, to hold you over while you restore the damaged systems. Have a media response plan in place, and know how to contact the relevant hosting companies, software vendors, customers, partners, and law enforcement.

By analogy, that’s why aircraft have drop-down oxygen masks, and why the flight attendants always explain what to do in the event of a water landing, while the airline knows how to contact family members if the unthinkable happens.

Plan. Respond. Recover – or your site might be next on the vandal’s graffiti hit list.

Top AI ML News: Cinder Emerges From Stealth With First Platform For Trust And Safety Operations

[To share your insights with us, please write to sghosh@martechseries.com]

 

Comments are closed.