Ukrainian WordPress Sites Witness Massive Attack Volumes

As we all know by now, Ukraine is under constant duress from an onslaught of continuous cyberattacks. A massive wave of attacks is targeting Ukrainian WordPress sites.

Diving into details

  • Wordfence recorded a whopping 144,000 attacks on February 25, 2022, and a total of 209,624 attacks between February 25 and 27.
  • Most of the attacks were focused on a subset of 376 academic websites. Around 30 Ukrainian university websites were compromised, leading to service unavailability and complete defacement.
  • The attackers exploited a vulnerability on a target WordPress website.

About the threat actor

  • The attackers are part of a group that goes by the name of theMx0nday and are based in Brazil.
  • They routed their attacks via a Finnish IP address with the help of Njalla, a notorious Sweden-based internet service provider.
  • This particular group has previously attacked Brazilian, Turkish, Spanish, Indonesian, U.S., and Argentinian websites.

Threats to WordPress

  • A new flaw in UpdraftPlus, a cloning plugin for WordPress, could put millions of users at risk. It left sensitive backups at risk, possibly exposing authentication data and personal information.
  • Earlier in February, critical vulnerabilities were discovered in PHP Everywhere, another WordPress plugin. These vulnerabilities could be exploited to execute arbitrary code on compromised systems.

The bottom line

Times are tough and the Ukraine-Russia conflict has led to cybercriminals choosing their sides. Nevertheless, the threat to WordPress sites due to vulnerabilities in certain plugins cannot be put on the back burner. Software needs to be patched as soon as updates are released.

Cyware Publisher
