Web defacement is an attack on a website that alters its visual appearance or content. An attacker finds a way to modify the files or contents of a website without the owner’s permission. People who deface websites are called defacers.

Often, cybercriminals add messages of a social, religious or political nature, or swear words and other text that is unrelated to the subject of the site. In some cases, attackers use the company website to advance causes they believe in. For example, in 2020, former President Trump’s personal website was defaced by hackers who disagreed with his political ideologies. Unlike many cybercriminals, defacers seek publicity, so they often leave behind traces that can be used to identify them, which may include their contact details.

Defacement techniques

There are several ways defacers may attack your website. They can brute-force the credentials of the site administrator; exploit vulnerabilities in site components, for example through SQL injection (SQLi) or cross-site scripting (XSS); or infect the administrator’s device with malware. The attackers either embed their message in existing web pages or create their own. The original site can be made inaccessible to users, damaged or completely deleted.

Popular incidents

Some of the world’s biggest websites have been hit by defacement attacks at some point. A defacement attack is a public indicator that a website has been compromised. The negative impact on the brand outlives the incident and persists even after the attacker’s message has been removed.

In 2012, users could not access Google Romania. Instead, they were redirected to a defacement screen posted by MCA-CRB, the “Algerian Hacker”. The defacement was in place for at least an hour. The attack was performed by DNS hijacking, i.e. the attackers managed to falsify DNS responses and redirect users to their own server instead of Google’s. The same attack was carried out against the domain Paypal.ro. The MCA-CRB hacker group was responsible for 5,530 website defacements across all six continents, many of them targeting government sites.

In 2019, Georgia, a small European country, experienced a cyber-attack in which 15,000 websites were defaced and then knocked offline. Among the websites affected were government websites, banks, the local press and large television broadcasters. A Georgian web hosting provider called Pro-Service took responsibility for the attack, releasing a statement that a hacker breached their internal systems and compromised the websites.

Website defacement damage

Web defacement almost always results in reputational damage for the owner of the targeted site. In some cases, the harm can also be financial. For example, defacement of an online store can undermine customer trust. Customers trust that company websites are secured and that they can access services and products 24 hours a day. Inappropriate content on a website can lower the site’s ranking in search results and in some cases can even lead to exclusion.

Companies may also suffer a data breach, in which the hackers carry out more sinister activities without being detected. For example, they could steal sensitive information, install malware, or perform privilege escalation. This may have a negative impact on the site’s ranking and usage. A defaced website may be flagged or identified as causing harm to its users. Search engines such as Google may add it to their blacklists. This may translate into a 95% loss of the website traffic that could have been gained from Google search results.

Preventing defacement

The first thing is – be #cybersmart! Preventing website defacement attacks helps companies avoid the reputational damage and cleanup work that comes with a breach. Website defacement attacks often require exploiting multiple vulnerabilities in your systems. For this reason, companies are advised to adopt a defense-in-depth approach to securing their systems.

The risk of website compromise, including defacement, can be reduced through standard security measures, which include regular updates of third-party software used on the site; elimination of vulnerabilities in site components such as scripts and databases; use of unique, strong passwords for administrator accounts; security audits and penetration testing; use of parameterized statements to defend against SQL injection; and preparation to respond to defacement incidents. There are also solutions that allow companies to automatically track changes made to websites.

Be cybersmart, be proactive, be reactive; prevent and report cybersecurity incidents and help us keep Eswatini safe and secure.