In today’s business climate, your website is your brand, your public face and your business platform. Now imagine if attackers were to hijack your website and replace your content with something offensive, illegal, inflammatory or embarrassing. Website defacement, where attackers replace your website’s content so users see what the attackers want, can be devastating for your business. And these types of attacks are on the rise. Read this short article to learn more about this cloud security threat and then get all the details in the full Q1 2015 State of the Internet Security Report at http://bit.ly/1KfWTrG

1. akamai’s [state of the internet] / security
Q1 2015 State of the Internet Security Report — Website Defacement
Selected excerpts
Akamai’s Q1 2015 State of the Internet Security Reports highlights one type of attack
notably observed this year – forms of website defacement and hijacking. By exploiting
vulnerabilities in website hosting, attackers can replace the content normally shown on a
website, or redirect users to other websites, to show the attackers’ content – for a wide
array of malicious intent. However, these attacks can be defended against or avoided.
Website Defacement
Hundreds of companies sell server hosting, where many accounts pay to host websites on
that company's servers. With many domains and sites being hosted on the same server, the
chance that at least one of those sites is vulnerable to file uploading attacks is very high -
and if the server is not properly secure in preventing accounts from accessing files outside
of their assigned directory, then an attacker can leverage that one compromised website to
gain access to other accounts
on the host server.
First, an attacker gains a
foothold on the server,
searching for sites with
vulnerable software through
tools as simple as Google
search. Once they find
software with vulnerabilities
that they can exploit for file
uploading, the attacker can
install scripts that allow
them to view and traverse the server's directory structure, looking for lists of account
names and passwords they can use to gain access to other websites. Once the attacker has
acquired a large quantity of account credentials, a mass defacement script is used to
automatically gain access to each account, replace the target files with their own, and move
on to the next website - systematically defacing potentially hundreds of websites in a single
stroke.
Domain Hijacking
These attacks can often be prevented by using better protections for web server security.
However, early in Q1, Akamai observed a form of attack that could bypass server security
entirely. Domain hijacking allows malicious actors to alter the DNS records for a website, so
that requests to look up that website point to a server of the attacker's choice.
Figure 1: One defaced website served up pro-ISIS materials

2. akamai’s [state of the internet] / security
The attack works through spear-phishing attempts on IT, finance, human resources, and
other staff who may have access to domain registration accounts. Very often, access is
gained by phishing email credentials from the site's domain administrator. With these
credentials, the attacker can perform a password reset on the registrar's site, thereby
obtaining administrative access and a password. The malicious actor can then log in to the
registrar and make changes to name server (NS) records for both web and email servers,
redirecting traffic from this domain to an IP address the attackers control. NS record
updates may often take 24 to 48 hours to go through, so the effects of this attack can last
for a considerable time before site administrators are able to revert the changes.
Get the full Q1 2015 State of the Internet — Security Report with all the details,
including defense and protective measures
Each quarter Akamai produces a quarterly Internet security report. Download the Q1 2015
State of the Internet —Security Report for:
• Analysis of DDoS and web application attack trends
• Bandwidth (Gbps) and volume (Mpps) statistics
• Year-over-year and quarter-by-quarter analysis
• Attack frequency, size, types and sources
• Security implcations of the transition to IPV6
• Mitigating the risk of website defacement and domain hijacking
• DDoS techniques that maximize bandwidth, including booter/stresser sites
• Analysis of SQL injection attacks as a persistent and emerging threat
The more you know about web security, the better you can protect your network against
cybercrime. Download the free the Q1 2015 State of the Internet — Security Report
at http://www.stateoftheinternet.com/security-reports today.
About stateoftheinternet.com
StateoftheInternet.com, brought to you by Akamai, serves as the home for content and
information intended to provide an informed view into online connectivity and
cybersecurity trends as well as related metrics, including Internet connection speeds,
broadband adoption, mobile usage, outages, and cyber-attacks and threats. Visitors
to stateoftheinternet.com can find current and archived versions of Akamai’s State of the
Internet (Connectivity and Security) reports, the company’s data visualizations, and other
resources designed to help put context around the ever-changing Internet landscape.