A threat actor is actively trying to compromise WordPress-based sites and insert a backdoor into them in order to redirect visitors to malvertising.

“While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it’s only in the past few days that they’ve truly ramped up, to the point where more than 20 million attacks were attempted against more than half a million individual sites on May 3, 2020,” Wordfence analysts discovered.

“Over the course of the past month in total, we’ve detected over 24,000 distinct IP addresses sending requests matching these attacks to over 900,000 sites.”

The group has an obvious predilection for older cross-site scripting (XSS) and options update vulnerabilities in less popular WordPress plugins and themes such as Easy2Map, Blog Designer, WP GDPR Compliance, Total Donations, and the Newspaper theme.

Most of these vulnerabilities were patched months or years ago and are known to have been targeted in the past. Some of the targeted plugins have also been removed from online plugin repositories, including WordPress’ official one.

The analysts believe that the same actor is behind most of these attacks, as the payload they are attempting to inject – a malicious JavaScript – is the same.

“If the victim is not logged in, and is not on the login page, it redirects them to a malvertising URL. If the victim is logged into the site, the script attempts to inject a malicious PHP backdoor into the current theme’s header file, in addition to another malicious JavaScript,” they shared.

They expect the threat actor to take advantage of similar vulnerabilities in other plugins and themes.

“The vast majority of these attacks are targeted at vulnerabilities that were patched months or years ago, and in plugins that don’t have a large number of users. While we did not see any attacks that would be effective against the latest versions of any currently available plugins, running a Web Application Firewall can also help protect your site against any vulnerabilities that might have not yet been patched,” Wordfence analysts noted.

K2 Cyber Security’s Timothy Chiu says that perimeter security tools like WAFs require a lot of tuning to make them effective at protecting applications, and companies don’t typically have the security resources required to do an adequate job.

For organizations that have that problem, and for individuals who only run a site or two, the easiest way to minimize the attack surface is to keep plugins and themes up to date and to delete plugins they no longer need, as well as those that have been removed from the WordPress plugin repository.

Wordfence has provided indicators of compromise site administrators can use to check whether they’ve been hit.
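
Separately from the published indicators, the behaviour described above (a PHP backdoor written into the current theme's header file) can be caught by comparing each theme's `header.php` against a known-good baseline. The following is an added example, not code from Wordfence or the original article; the `wp-content/themes` layout is standard WordPress, while the function names, theme names and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot_headers(wp_root):
    """Map every theme's header.php (path relative to wp_root) to its SHA-256."""
    themes = Path(wp_root) / "wp-content" / "themes"
    return {
        p.relative_to(wp_root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(themes.glob("*/header.php"))
    }


def compare_to_baseline(wp_root, baseline):
    """Report header files changed, added or removed since the baseline."""
    current = snapshot_headers(wp_root)
    return {
        "modified": sorted(k for k in current if k in baseline and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def demo():
    """Constructed tree: two themes, then one header edited and one theme added."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for theme in ("alpha", "beta"):  # constructed theme names
            d = root / "wp-content" / "themes" / theme
            d.mkdir(parents=True)
            (d / "header.php").write_text("<!DOCTYPE html>\n<html>\n<head>\n")
        baseline = snapshot_headers(root)  # taken while the site is known-good
        # Simulate an unexpected write to one theme's header file.
        with open(root / "wp-content/themes/beta/header.php", "a") as fh:
            fh.write("<?php /* constructed unexpected change */ ?>\n")
        # A theme that appears after the baseline is reported as "added".
        new = root / "wp-content/themes/gamma"
        new.mkdir()
        (new / "header.php").write_text("<html>\n")
        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Store the baseline outside the web root so that a process able to write to theme files cannot also rewrite it, and refresh it after every legitimate theme update.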


Source: https://www.helpnetsecurity.com/2020/05/06/wordpress-extensive-attacks/
