Cybercriminals Hurl a Wave of Attacks at Vulnerable Wordpress Sites

SEO Spamming remains a top objective

• In an incident discovered recently, a new cybercrime gang leveraged vulnerable WordPress sites to install scammy e-commerce stores with the purpose of lowering a site’s search engine ranking and reputation.
• The attackers gained access to the site’s admin account through brute-force attacks, after which they overwrote the site’s main index file and appended malicious code.
• Researchers also discovered that attackers are injecting malicious PHP files into the WordPress sites to ensure a steady flow of SEO spam links.

Vulnerable themes and plugins fuel more attacks

• On November 17, Wordfence researchers reported an ongoing large-scale attack that involved mass scanning of WordPress sites with Epsilon Framework themes vulnerable to Function Injection attacks.
• Installed on over 150,000 sites, these vulnerable themes could lead to a full site takeover.
• Moreover, during early November, instances of vulnerable WordPress plugins such as Ultimate Member and Welcart e-Commerce were found to be affected by severe vulnerabilities that could let attackers hijack sites.

WordPress is not alone in the mess

• Not only WordPress, but other CMSes such as Drupal and Joomla are also equally lucrative targets for cyberattacks.
• Lately, admins of sites running on Drupal were urged to plug a security hole that relied on the double extension" trick.
• Drupal devs said that the vulnerability resided in the fact that the Drupal CMS does not sanitize "certain" file names, allowing some malicious files to slip through.

Key takeaways