As Internet users worldwide consume ever-increasing amounts of data, cybercriminals are using more sophisticated techniques to exploit new vulnerabilities daily. Attacks on websites can have different purposes and one of them is the introduction of unauthorized modifications, or website defacement.
Last month, for example, security firm Trend Micro found that cybercriminals had injected fake content on their blog website by exploiting a WordPress zero-day flaw. As these attacks become increasingly common, industry, academia and governments have come to realize the need to work together to find solutions to control website defacement.
In Colombia, a recent study on defacement indicates that the increase of cyber-attacks and vulnerabilities requires a higher level of collaboration between academic researchers, industry and government.
To address this issue, the i2t Research Group at University Icesi in Cali, Colombia has brought together the security company Password Consulting Services and the Administrative Department of Science from Colombia (Colciencias) to work on a research project focused on countering website defacement in the public sector.
During the project, we found that some public sector entities have been actively following the plan of action in the cybersecurity law CONPES 3701, developed by the Colombian government, which helps prevent attacks. However, due to the uptake of new technologies by public institutes, some of the migrated systems – systems located in external hosts – allow people outside of the entities to manage the cybersecurity of the websites, which can create vulnerabilities for future attacks.
Now, the research group is working on a solution based on an anomaly-detection technique and a process that places signatures on some calls in the code of the webpage. To evaluate the solution's efficiency, we have been working with some public-sector entities' websites to measure the time to detect unauthorized changes and the time to recover the defaced website. The initial experiments included websites of different complexities (resources, links and infrastructures). The results generally showed good performance and a short response time to restore the backup site. The average time to detection was around 16 seconds and the average time to recover was around 35 seconds.
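The detect-then-restore loop measured above can be illustrated with an added example, which is not the research group's code. A signed SHA-256 baseline stands in for their anomaly-detection technique, whose details the article does not give. The key, file names and page contents are constructed, and the key is assumed to be stored off the web host.

```python
import hashlib, hmac, json, shutil, tempfile, time
from pathlib import Path

KEY = b"constructed-demo-key"  # assumption: real key is kept off the web host

def file_digests(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def sign_manifest(root, key=KEY):
    """Baseline of the known-good site, authenticated with HMAC-SHA256."""
    body = json.dumps(file_digests(root), sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

def detect_changes(root, manifest, key=KEY):
    """Return paths that were modified, added or removed since the baseline."""
    tag = hmac.new(key, manifest["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, manifest["tag"]):
        raise ValueError("baseline manifest failed its signature check")
    baseline, current = json.loads(manifest["body"]), file_digests(root)
    return sorted(n for n in baseline.keys() | current.keys()
                  if baseline.get(n) != current.get(n))

def restore(root, backup, changed, manifest):
    """Copy baseline files back from backup; delete files not in the baseline."""
    baseline = json.loads(manifest["body"])
    for name in changed:
        target = Path(root) / name
        if name in baseline:
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(Path(backup) / name, target)
        else:
            target.unlink()  # file that did not exist when the baseline was taken

def demo():
    """Deface a constructed two-file site, then time detection and recovery."""
    with tempfile.TemporaryDirectory() as tmp:
        site, backup = Path(tmp, "site"), Path(tmp, "backup")
        site.mkdir()
        (site / "index.html").write_text("<h1>Official portal</h1>")
        (site / "app.js").write_text("loadNews();")
        shutil.copytree(site, backup)
        manifest = sign_manifest(site)
        (site / "index.html").write_text("<h1>defaced</h1>")  # constructed change
        (site / "extra.html").write_text("planted page")      # constructed change
        t0 = time.perf_counter()
        changed = detect_changes(site, manifest)
        t1 = time.perf_counter()
        restore(site, backup, changed, manifest)
        t2 = time.perf_counter()
        return changed, detect_changes(site, manifest), t1 - t0, t2 - t1
```

In a deployment, `detect_changes` would run on a schedule, so the time to detection is bounded below by the polling interval rather than by the hashing cost shown here.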
Our proposed solution creates an additional line of defense developed mainly for Colombian government entities highly affected by the defacement problem, but applicable to any institution around the world. Part of what makes it applicable is our collaborative method of working together to understand the various public- and private-actor requirements and how to resolve them through a research process.
The collaboration with public actors allowed us to learn more about their cybersecurity infrastructure, their future work (for example, how they implement cybersecurity laws) and, most importantly, their experience with web-page risks. Working with private-sector actors was also important, because it provided us with knowledge about the best business models for technical solutions that address the problems and requirements detected. Finally, as academia, we had the responsibility to integrate, to research, and to aid both institutions in developing an innovative solution.
Due to the increase of cyber-attacks and the uptake of new technologies by public institutes, researchers must stay vigilant for new vulnerabilities, and must carefully follow developments in cybersecurity laws and their applications.
The largest challenge may be to continue the collaborative work between academia, government and industry. But the benefits for all parties are big. The public investment in collaborative cybersecurity projects allows private actors to develop innovative products bolstered by academic research – and the three develop effective solutions together.