Is your website safe against cyber criminals?
Website defacement and other attacks on websites are popular among cyber criminals. In this type of attack, the attacker tries to change the visual appearance of the target website, either to highlight security loopholes or to promote a political or social agenda of their own. Most websites on the internet are built on either a Content Management System (CMS) or a web framework. Attackers use vulnerabilities in these to penetrate the website or the hosting server in order to vandalize the content.
There are many ways to deface a website. The most common method of defacement is using SQL injection to log into administration accounts by infiltrating the database of the website, which will sometimes also disclose Personally Identifiable Information (PII) of the customers/visitors of that website. Once the attacker has full access to the website, he or she can act freely.
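The login weakness described above, shown next to its fix. This is an added example, not code from the original article; the table, function names, and sample account are hypothetical and constructed for illustration, using Python's built-in sqlite3 module.

```python
import hashlib
import sqlite3

# Assumption for this example: a fixed salt keeps the demo short. A real site
# stores a random salt per account.
DEMO_SALT = b"constructed-demo-salt"

def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 100_000).hex()

def make_db() -> sqlite3.Connection:
    """Constructed sample data: one administrator in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)", ("admin", pw_hash("correct horse")))
    return db

def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Flawed: input is pasted into the SQL text, so a quote character in
    # `username` ends the string literal and the rest is parsed as SQL.
    query = ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
             "' AND pw_hash = '" + pw_hash(password) + "'")
    return db.execute(query).fetchone()[0] == 1

def login_safe(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Fixed: placeholders send the values separately from the SQL text, so
    # they are only ever compared as data.
    query = "SELECT COUNT(*) FROM admins WHERE username = ? AND pw_hash = ?"
    return db.execute(query, (username, pw_hash(password))).fetchone()[0] == 1

def demo() -> dict:
    db = make_db()
    # Constructed test input: closes the quote and comments out the password check.
    crafted = "admin' --"
    return {
        "vulnerable, right password": login_vulnerable(db, "admin", "correct horse"),
        "vulnerable, wrong password": login_vulnerable(db, "admin", "guess"),
        "vulnerable, crafted username": login_vulnerable(db, crafted, "guess"),
        "safe, crafted username": login_safe(db, crafted, "guess"),
        "safe, right password": login_safe(db, "admin", "correct horse"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The same crafted username is accepted by the concatenated query and rejected by the parameterized one, while the legitimate login keeps working in both.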
Attackers also use outdated third-party CMS plugins to get unauthorized access to websites. Most of these third-party plugins are developed by ordinary programmers with little or no knowledge of security, and most of them will not bother to fix a security vulnerability in their code. For these reasons, most of the third-party plugins used by website developers are crawling with vulnerabilities, and attackers will not hesitate to use those vulnerabilities to get into websites and accomplish their goals. The most common vulnerability used by attackers is Remote Code Execution (RCE). This vulnerability allows an attacker to execute specially crafted code within the vulnerable website and get access to that site or alter its content.
So, how will it affect you or your company?
This will definitely look bad for your brand, because it sends a negative and wrong message to your customers and suggests that your brand doesn't care about security. In most website defacement cases, the attacker is trying to convey a message that the legitimate website owner does not want to convey. This will drastically impact the brand name if it is a well-reputed company.
These types of attacks succeed for many reasons. The main one is the lack of attention to, and knowledge of, website and system security among those who maintain the websites. Avoiding unsafe third-party plugins and applications, keeping plugins and systems updated, and hardening the hosting servers will definitely protect your and your company's websites.
In the wake of the Easter Sunday bombings, Sri Lanka also suffered attacks of this kind, mainly on government websites. Most probably this happened due to a lack of attention to, and knowledge of, cyber security among those who control such websites and important systems within the country.