Web site defacement is on the rise and IT departments are finding their resources stretched in dealing with the issue, according to security experts.
IT security monitor Zone-H (www.zone-h.org) reported around 88 Australian Web sites which were newly defaced in one day alone, IT security expert Arjen de Landgraaf told Computerworld.
"This is only what Zone-H has recorded last week, and by no means the full number of Australian sites that have been compromised over time," Landgraaf, founder and technical director of IT Security alert service E-Secure-IT, said.
"If it is already that easy to go in, it may be simple to dig further, go into the actual intranet, move through to the customer databases, pick up credit card info, or whatever," Landgraaf said, adding most of these defacements could have been avoided.
According to E-Secure IT: in 27.6 per cent of cases, the perpetrators took advantage of a known vulnerability on an unpatched system. Almost 17 per cent used a brute force attack and 16.4 per cent exposed a configuration to an administration mistake.
Landgraaf said a lack of a centralised IT security resources for IT administrators trying to secure systems is to blame. He claims free IT security databases such as E-Secure-DB can provide a knowledge source for IT professionals to determine which of their system components may be vulnerable.
"If only the IT administrators had known what vulnerabilities were a threat, [they] would have been in a position to act. Knowing what to defend is half the battle," Landgraaf said.
"Besides 2000 fractured, disparate information sources such as security e-mail lists and Web sites, there is no [single] centralised source where the 'Joe Bloggs' of the IT industry can get that information," he said. "Overworked IT administrators do not have the luxury of time or resources to sit behind their PC half the day tracking possible vulnerabilities on obscure e-mail and IRC chat lists."
Grant Bayley, who heads up hacker advocate group 2600 Australia, said, "The window of time between a vulnerability becoming widely known and it being exploited by large numbers of people is dropping fast. It would have been measured in days or weeks several years ago, but it's now measured in hours."
However, Bayley says the number of defacements over the past two years has "gone down pretty dramatically", as mass defacement is in decline. Yet there are some notable exceptions. While the mass defacement problem "largely went away" when operators closed down defacement mirror sites, realising they "were little more than advertisements for teen criminals showing off their work", Bayley says companies can still make themselves a target for attack. Companies that have disgruntled ex-employees, are embroiled in social or political issues, or fail to follow the most rudimentary IT security procedures can be targets.
"It comes down to a few simple things: be vigilant, patch machines, use non-standard configurations, and disable features not being used. If this doesn't apply because you don't host servers internally, get binding guarantees from your service providers."