Threat actors tried to hack nearly one million WordPress sites in the last week, according to a security alert issued by cybersecurity firm Wordfence. The threat intelligence team at Wordfence stated that hackers launched attacks from 24,000 different IP addresses and tried to break into more than 900,000 WordPress sites.

It was found that since April 28, 2020, unknown hackers engaged in this massive campaign that caused a 30 times increase in the volume of attack traffic. The attacks peaked on May 3, 2020, when the group launched more than 20 million hacking attempts against half a million domains. Attackers largely abused cross-site scripting (XSS) vulnerabilities to inject malicious JavaScript code on websites and redirect them to malicious sites.

“We found that this threat actor was also attacking other vulnerabilities, primarily older vulnerabilities allowing them to change a site’s home URL to the same domain used in the XSS payload in order to redirect visitors to malvertising sites,” Wordfence’s security team said.

Wordfence also listed the top 10 IP addresses performing these attacks to help users to monitor their sites. These include:

“As these attacks appear to be targeted at vulnerabilities that have been patched for months or years, both Wordfence Premium and free Wordfence users should be protected,” the team added.

Wordfence urged users to update their website plugins and deactivate any plugins that have been removed from the WordPress plugin repository. “We did not see any attacks that would be effective against the latest versions of any currently available plugins, running a Web Application Firewall can also help protect your site against any vulnerabilities that might have not yet been patched,” it added.

An earlier independent study from WPScan stated that WordPress plugins are the biggest source of vulnerabilities and data breaches. It accounts to 54% of the global WordPress vulnerabilities count.

By signing up, you agree to EC-Council’s CISO MAG using your data, in accordance with our Privacy Policy & Terms of Use. We use your data to personalize and improve your experience as an user and to provide the services you request from us.*

By signing up, you agree to EC-Council’s CISO MAG using your data, in accordance with our Privacy Policy & Terms of Use. We use your data to personalize and improve your experience as an user and to provide the services you request from us.*

Source: https://www.cisomag.com/wordfence-wordpress-sites-hacked/

World news – GB – Nearly 900,000 WordPress Sites Targeted in a Hacking Campaign

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here