Risks Mitigation of Defacement Attack Vectors on Educational Institution Websites by Using OWASP and Risk IT Frameworks
According to an article published by The Hacker News in 2006 [1], 21.549 websites were defaced by the Turkish hacker team Iskorpitx. It was the largest defacement in web history. Zone-h, the largest archive of defaced websites [2], lists 11.107.846 websites that have become victims of defacement attacks. What about educational institution websites? Have they become targets of defacement attacks? In fact, the University of Maryland, North Dakota University, Butler University, Indiana University and Arkansas State University became victims of a data breach by malicious attackers, and the breach was larger than the data breach attack on Sony [3]. After analysing data filtered from the Zone-h archives, we found that the following numbers of websites belonging to educational institutions in ASEAN countries were defaced in 2015: Indonesia (11.615 websites), Malaysia (3.512 websites), Singapore (312 websites), Vietnam (3.294 websites), Thailand (9.860 websites), Brunei Darussalam (30 websites), Cambodia (65 websites), Lao PDR (9 websites), Myanmar (6 websites) and the Philippines (978 websites). This paper analyses the motives, attack methods, risks, impacts and mitigations of defacement attacks on educational institutions, using MECEES, OWASP and Risk IT as frameworks. Hacked educational institutions will lead to critical risks.