Pemetaan dan Analisis Permukaan Serangan (Attack Surface)  Sistem Elektronik Pemerintah Daerah Melalui Identifikasi Subdomain Resmi

SLAMET TRIYANTO; Safni Marwa; Andri Nofiar

doi:10.59061/jentik.v4i1.1386

Authors

SLAMET TRIYANTO Kominfo Kab. Kampar
Safni Marwa Universitas Pahlawan Negara
Andri Nofiar Politeknik Negeri Bengkalis

DOI:

https://doi.org/10.59061/jentik.v4i1.1386

Keywords:

Cyber Incidents, Digital Asset Identification, Domain Scanning, Domain, Subdomain

Abstract

The number of cyberattack incidents recorded by the Badan Siber dan Sandi Negara (BSSN) reached 3.64 million by mid-2025. The majority of these incidents targeted government systems. As of June 2023, Riau Province, which comprises 12 regencies and municipalities, recorded the highest number of incidents among governmental institutions in Indonesia, totaling 54,313,225 cases. The results of domain and subdomain scanning conducted across Riau Province and its regencies/municipalities identified 5,252 public electronic systems. Among these, a significant portion consisted of inactive domains or parking domains, installer pages, landing pages, expired SSL certificates, development pages, and systems potentially utilizing outdated technologies. Although the use of obsolete technologies cannot be conclusively confirmed, this indication is reflected in the number of domains and subdomains affected by web defacement incidents.To ensure that the research process did not violate applicable legal and ethical standards, domain and subdomain scanning and examination were conducted exclusively using publicly available tools, such as web browsers and Subfinder. Furthermore, no deeper penetration testing was performed on the identified findings. This limitation justifies the unavailability of definitive information regarding the use of outdated systems. Finally, asset identification constitutes a crucial stage, enabling the implementation of further measures for incident handling and mitigation efforts aimed at preventing future cyber incidents.

References

Aji, B. B., Alimyaningtias, W. N., Abdillah, M. F., Satrio, D., Utomo, I., & Artikel, H. (2025). Tinjauan keamanan terhadap serangan deface website sebagai bentuk cybercrime. JAITS: Journal of Applied Information Technology Solution, 2(1), 7–11. https://journal.universitasmulia.ac.id/index.php/jaits

Aryapranata, A., Hermanto, S., Agsena, Y. P., Rasyid, Y. Al, & Habibie, F. H. (2024). Pencegahan web defacement. Jurnal Esensi Infokom: Jurnal Esensi Sistem Informasi Dan Sistem Komputer, 8(1), 10–19. https://doi.org/10.55886/infokom.v8i1.816

Asia, I. (2026). Mengapa inventaris aset adalah fondasi pertahanan siber yang kuat. https://itsec.id/blog/mengapa-inventaris-aset-adalah-fondasi-pertahanan-siber-yang-kuat

Badan Pusat Statistik Provinsi Riau. (2024). Nama ibukota kabupaten/kota di Provinsi Riau. https://riau.bps.go.id/id/statistics-table/1/MzU2IzE=/nama-ibukota-kabupaten-kota-di-provinsi-riau.html

BSSN, D. B. O. K. S. dan S. (2023). Laporan tahunan layanan honeynet tahun 2025.

Dhanya, D. (2025). Indonesia’s BSSN records 3.64 billion cyberattacks in first half of 2025. En.Tempo.Co. https://en.tempo.co/read/2037469/indonesias-bssn-records-3-64-billion-cyberattacks-in-first-half-of-2025

Fadli Mutaqin, M., & Ferdiansyah, D. (2022). Identifikasi kerentanan terhadap serangan slot backdoor pada website di Indonesia dengan menggunakan metode OSINT. Jurnal Pasundan Informatika, 1(2), 2986–5360. https://doi.org/10.29322/IJSRP.X.X.2018.pXXXX

Indonesia, C. (2023). BSSN ungkap Riau paling sering kena serangan siber, ada apa? CNN Indonesia. https://www.cnnindonesia.com/teknologi/20230613143456-192-961224/bssn-ungkap-riau-paling-sering-kena-serangan-siber-ada-apa

Nurhidayat, T., Oktavianto, D., Susila, W., Trianto, N., Firmasyah, I., Shofiyuddin, F. M., Permatasari, N., Mahardhika, S., Nuha, M. A. Ulin, Novazrianto, D., & Saputra, A. A. (2024). Kajian ketahanan siber manajemen kerentanan. Politeknik Siber dan Sandi Negara Press.

Nurseno, M., Aditiawarman, U., Al Qodri Maarif, H., & Mantoro, T. (2024). Detecting hidden illegal online gambling on .go.id domains using web scraping algorithms. MATRIK: Jurnal Manajemen, Teknik Informatika Dan Rekayasa Komputer, 23(2), 365–378. https://doi.org/10.30812/matrik.v23i2.3824

PENGGUNAAN NAMA DOMAIN Go.Id UNTUK SITUS WEB RESMI PEMERINTAHAN PUSAT DAN DAERAH (2006).

Projectdiscovery.io. (2023). An in-depth guide to subfinder: Beginner to advanced. Projectdiscovery.io. https://projectdiscovery.io/blog/do-you-really-know-subfinder-an-in-depth-guide-to-all-features-of-subfinder-beginner-to-advanced#introduction-to-subfinder

Projectdiscovery.io. (2025). Subfinder. https://github.com/projectdiscovery/subfinder

Q Fadlan. (2025). An evaluation of OSINT tools for external attack surface mapping. Jurnal Teknologi Dan Manajemen Industri Terapan, 4(3), 1195–1199. https://doi.org/10.55826/jtmit.v4i4.1415

Raharja, Y. (2024). JIP (Jurnal Informatika Polinema) implementasi metode OSINT untuk mengidentifikasi serangan judi online pada website. JIP (Jurnal Informatika Polinema), 10(3), 359–364.

Riau, D. K. I. dan S. (2021). Grand design Riau digital provinsi Riau 2021-2025. Diskominfotik Provinsi Riau.

The NIST Cybersecurity Framework (CSF) 2.0. (2024). https://doi.org/10.6028/NIST.CSWP.29

Utami, A. R. (2022). Pelatihan pembuatan website sebagai media promosi digital sepatu Mojo. Jurnal Pengabdian Masyarakat Sabangka, 1(04 SE-Articles), 104–110. https://doi.org/10.62668/sabangka.v1i04.245

Woncharso, E., Ahyar Muawwal, & Afifah. (2021). Penerapan search engine optimization (SEO) untuk meningkatkan pengunjung pada website SCLEAN. KHARISMA Tech, 16(2), 141–155. https://doi.org/10.55645/kharismatech.v16i2.139