.in websites not in safe domain

APTFilter CERT-LatestNews Malware Security News SocialEngineering ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic VulnerabilitiesAll VulnerabilitiesHardware

Website defacement on the rise, posing threat to stored data: CERT-In

Mumbai, June 20:  

As incidents of hacking and cyber threats increase, there has been a spurt in website defacement as well.

According to data available with the Indian Computer Emergency Response Team (CERT-In), website defacements have increased by 21 per cent in May compared to the same period last year. The overall defacement in 2016 saw a 16 per cent increase compared with 2015.

Web defacement refers to malicious action when a hacker accesses a website and changes its appearance, most of the times replacing it with obscene images or a political and social messages that affect the reputation of the website company.

It could also pose a threat to the data stored on the website, since a hacker gains administrative access to the website server. Websites with simple security codes and fewer firewalls are likely to be defaced by malicious hackers.

Over the past six months, 15,686 web defacement incidents were reported. Of these, 10,667 were websites with .in extension.

.in under threat?

During this period, 5,016 websites with .com extension were defaced.

Data available on the CERT-In website show that last month, 2,734 such cases were reported; of these, 1,887 were websites with .in domain and 454 belonged to .com. In April 2017, for 2,041 cases of .in web defacements reported, 757 .com web defacements were reported. A similar trend was observed for every month from December 2016.

The National Internet Exchange of India (NIXI), which manages the .in registry, said the .in domain in itself had nothing to do with web defacements. “Website defacement is one of the most common hacktivist actions. It is the cyber equivalent of a graffiti drawn on a wall,” it said.

The defacement of websites, it added, is “not within the control of the .in registry.”

It added: “The .in domain is not more ‘prone to defacement’ than other Top Level domains. However, there are many more .in addresses in India, it being the country’s own domain, and so instances of defacements are more in the more popular space.”

NIXI noted that websites are a “responsibility of web hosting companies, many of whom clearly need to improve their security practices to better protect their customers.”

It stressed that the .in domain is secure and far more popular in India so, it would be defaced more than the .com domain. “We will work closely with CERT-In to address any potential threats to the .in domain,” it added.

Security measures

When contacted, CERT-In said: “Websites need to have a robust security plan, which includes timely updation of software patches, periodic security audits, and continuous monitoring of networking activities.”

(This article was published on June 20, 2017)

Please enter your email. Thank You.

Newsletter has been successfully subscribed.