Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >ATTACK
  3. >Impact
  4. >ATTACK-T1491.002
ATTACK-T1491.002Active

External Defacement

Statement

An adversary may deface systems external to an organization in an attempt to deliver messaging, intimidate, or otherwise mislead an organization or users. External Defacement may ultimately cause users to distrust the systems and to question/discredit the system’s integrity. Externally-facing websites are a common victim of defacement; often targeted by adversary and hacktivist groups in order to push a political message or spread propaganda.(Citation: FireEye Cyber Threats to Media Industries)(Citation: Kevin Mandia Statement to US Senate Committee on Intelligence)(Citation: Anonymous Hackers Deface Russian Govt Site) External Defacement may be used as a catalyst to trigger events, or as a response to actions taken by an organization or government. Similarly, website defacement may also be used as setup, or a precursor, for future attacks such as Drive-by Compromise.(Citation: Trend Micro Deep Dive Into Defacement)

Location

Tactic
Impact

Technique Details

Identifier
ATTACK-T1491.002
Parent Technique
ATTACK-T1491
ATT&CK Page
View on MITRE

Tactics

Impact

Platforms

WindowsIaaSLinuxmacOS

Detection

Behavioral Detection of External Website Defacement across Platforms

Mitigations

Data Backup: Data Backup involves taking and securely storing backups of data from end-user systems and critical servers. It ensures that data remains available in the event of system compromise, ransomware attacks, or other disruptions. Backup processes should include hardening backup systems, implementing secure storage solutions, and keeping backups isolated from the corporate network to prevent compromise during active incidents. This mitigation can be implemented through the following measures:

Regular Backup Scheduling:

  • Use Case: Ensure timely and consistent backups of critical data.
  • Implementation: Schedule daily incremental backups and weekly full backups for all critical servers and systems.

Immutable Backups:

  • Use Case: Protect backups from modification or deletion, even by attackers.
  • Implementation: Use write-once-read-many (WORM) storage for backups, preventing ransomware from encrypting or deleting backup files.

Backup Encryption:

  • Use Case: Protect data integrity and confidentiality during transit and storage.
  • Implementation: Encrypt backups using strong encryption protocols (e.g., AES-256) before storing them in local, cloud, or remote locations.

Offsite Backup Storage:

  • Use Case: Ensure data availability during physical disasters or onsite breaches.
  • Implementation: Use cloud-based solutions like AWS S3, Azure Backup, or physical offsite storage to maintain a copy of critical data.

Backup Testing:

  • Use Case: Validate backup integrity and ensure recoverability.
  • Implementation: Regularly test data restoration processes to ensure that backups are not corrupted and can be recovered quickly.
SP 800-53
SP800-53-AC-3relatedvia ctid-attack-to-sp800-53
SP800-53-AC-6relatedvia ctid-attack-to-sp800-53
SP800-53-CM-2relatedvia ctid-attack-to-sp800-53
SP800-53-CP-10relatedvia ctid-attack-to-sp800-53
SP800-53-CP-2relatedvia ctid-attack-to-sp800-53
View in graphReport an issue
← Back to Impact
Impact33 controls
ATTACK-T1485Data DestructionATTACK-T1485.001Lifecycle-Triggered DeletionATTACK-T1486Data Encrypted for ImpactATTACK-T1489Service StopATTACK-T1490Inhibit System RecoveryATTACK-T1491DefacementATTACK-T1491.001Internal DefacementATTACK-T1491.002External DefacementATTACK-T1495Firmware CorruptionATTACK-T1496Resource HijackingATTACK-T1496.001Compute HijackingATTACK-T1496.002Bandwidth HijackingATTACK-T1496.003SMS PumpingATTACK-T1496.004Cloud Service HijackingATTACK-T1498Network Denial of ServiceATTACK-T1498.001Direct Network FloodATTACK-T1498.002Reflection AmplificationATTACK-T1499Endpoint Denial of ServiceATTACK-T1499.001OS Exhaustion FloodATTACK-T1499.002Service Exhaustion FloodATTACK-T1499.003Application Exhaustion FloodATTACK-T1499.004Application or System ExploitationATTACK-T1529System Shutdown/RebootATTACK-T1531Account Access RemovalATTACK-T1561Disk WipeATTACK-T1561.001Disk Content WipeATTACK-T1561.002Disk Structure WipeATTACK-T1565Data ManipulationATTACK-T1565.001Stored Data ManipulationATTACK-T1565.002Transmitted Data ManipulationATTACK-T1565.003Runtime Data ManipulationATTACK-T1657Financial TheftATTACK-T1667Email Bombing