Decoding the Defacement Wave

Website defacement is a recognizable attack on the first look, making its appearance right at the screen. There could be a social, political, monetary, or personal sense of achievement hidden behind a defacement attack.

Making the headlines

Security experts reported two major website defacement incidents in the duration of a week.
  • Security researchers at Check Point unmasked an infamous hacktivist responsible for attacking and defacing around 5,000 websites in more than 40 countries over the last seven years. Self-publicized as ’VandaTheGod,’ the hacker stole the private data of more than a million people and many times attempted to sell the stolen credit cards.
  • In another campaign, ‘Hackers of Savior’ group defaced more than 2,000 Israeli websites with anti-Israeli messages.

The motive behind website defacement

Amongst the multiple ways to take over a website, nothing grabs attention more than the visual defacement of a site.
  • Both the attack campaigns mentioned above had a similar motive of carrying a political or social message, but they differed at a personal level.
  • Though VandaTheGod would target governments via politically motivated messages, it also included his personal goal of defacing 5000 websites (left short by 180). He had announced on Twitter to quit the hacking post this feat. His agenda also involved selling corporate information and dumping individuals’ credit card information online.
  • The attack on the Israeli websites, however, defaced webpages with a video of Israeli cities being bombed along with the written warning about the destruction of the Jewish state. The cybercriminals also provided a link on some of the compromised websites requesting users to click and activate their device’s camera.

The menace of website defacement

There is a rise in website defacement activities. Here are extracts from a recent analysis report giving better insights into it:
  • It revealed a 50% hike in the average daily number of website defacement attacks reported in April 2020 than attacks reported in April 2019.
  • The reason for the rise in attacks is attributed to the greater number of vulnerable targets pushed by the coronavirus pandemic.
  • The average daily number of defacements attacks against government agencies and large private businesses increased from 17.75 attacks per day in February to 21.6 attacks per day in April.
  • The study found a 77% increase in the average number of reports per day from first-time attackers—3.41 in February to 6.31 in April.

Communication & Collaboration keep cybercriminals going

Defacers vary depending upon the attack campaign and mostly prefer to work in teams to make their attacks gain prominence.
  • Security experts more often come across groups of local nationals uniting for a common cause or pushing a large international movement.
  • Most of the groups communicate using fake social media accounts, which also help them gain the pace for their cause.
  • Cybercriminals with common target share tools, use specific templates, and exchange video tutorials for exploiting codes.
  • Website defacement attacks targeting large corporations is a rare sight. Most of the first-timers or inexperienced hackers (aka script kiddies) typically target extremely vulnerable websites of small or medium-sized organizations.

Nonetheless, defacing websites doesn’t require the most sophisticated skills. This might encourage a novice in the cyber world to get involved in learning more sophisticated hack techniques while gaining a reputation in hacking communities.