Turkish hacking group GHoST61 leads the list again

Jan 19, 2016 11:33 GMT

Every six months, Shodan's founder, John Matherly, publishes a list of the top 10 most efficient hacking groups when it comes to website defacements.

The third edition of this list, published a few hours ago, has the same group atop the ranking as in the two previous editions: GHoST61, a small Turkish hacking crew.

Compared to the June 2015 edition of the list, only four hacking crews remained in the top 10, with r00t-x, TechnicaL, and virus3033 joining GHoST61.

While incredibly efficient at breaking into unprotected websites and leaving defacement messages behind, the GHoST61 group is not really that well known outside this list and has no major hacks associated with its name.

As many infosec experts have explained in the past, these defacements are almost always opportunistic hacks. The groups that carry them out often just stumble upon unprotected sites during research on bigger targets and want access to the website's underlying infrastructure just to leave their defacement messages behind.

Additionally, most of the hackers don't have the skills to escalate attacks to data breaches or backdoor installations and are content with leaving their mark behind and then moving on to bigger targets.

Apache still the most targeted Web server

According to Mr. Matherly, the most hacked websites are running on the servers of the Ecommerce Organization (419 websites), followed by Unified Layer (112), and GoDaddy (70).

When it comes to the underlying server technology, the Apache Web server leads the pack with 1,584 defaced websites, followed by nginx with 222 and Microsoft's IIS with 111.

To compile his list, Mr. Matherly used Shodan, a search engine specialized in finding Internet-connected devices, but which can also be used to search for server settings, options, and other technical details that Google, Bing and DuckDuckGo usually ignore.

Here's an evolution of the top 10 list for the past three editions. A more in-depth technical report can be viewed here.  

| Rank | January 2016 | June 2015 | February 2015 |
|------|--------------|-----------|---------------|
| 1 | GHoST61: 51 | GHoST61: 49 | GHoST61: 57 |
| 2 | Kadimoun: 39 | El Moujahidin: 31 | OxFoRD & Omis Exe: 54 |
| 3 | AnonCoders: 35 | r00t-x: 29 | Kuroi'SH: 41 |
| 4 | r00t-x: 31 | Ashiyane Digital Security Team: 22 | Oum99: 40 |
| 5 | Shor7cut: 28 | Best Cracker: 22 | Oussama911: 37 |
| 6 | Owner Dzz: 27 | TechnicaL: 20 | Best Cracker: 35 |
| 7 | Toxic Phantom FROM BANGLADESH BLACK HAT HACKERS: 27 | virus3033: 17 | r00t-x: 31 |
| 8 | TechnicaL: 21 | A.N.T: 15 | Prodigy TN: 25 |
| 9 | virus3033: 21 | KkK1337: 14 | TechnicaL: 25 |
| 10 | Yuba: 17 | MR Error ..: 14 | koat_halk_palesten: 24 |


One of the defacement messages left behind by the GHoST61 group
Most defaced websites are hosted on the servers of the Ecommerce Organization
Most defaced websites are running on Apache