Lately, WordPress sites have been facing quite a lot of cyber threats. Whether it is site takeovers or plugin vulnerabilities, the consensus is that WordPress isn’t really having a great time.

What’s going on?

Last week, some 300 WordPress sites witnessed a wave of attacks that displayed fake encryption notices and asked for a ransom of 0.1 Bitcoin. Furthermore, these ransom demands are accompanied by a countdown timer to induce a sense of urgency and panic. This seems like a run-of-the-mill ransomware attack,

But it’s not

Researchers discovered that the websites were not encrypted. The threat actors simply altered an installed plugin, named Directorist, to show a ransom note and countdown. Thus, this is a fake ransomware attack. 

Why this matters

WordPress is one of the most renowned Content Management Systems (CMS) out there. This, however, also makes it a primary target for threat actors looking to infect websites. The adversaries logged in as admins on the sites, via either brute force or stolen credentials bought from the dark web. These attacks are not isolated; rather, they seem to be part of a bigger campaign, which signifies that the adversaries may have bought credentials from dark markets.

Some of the latest WordPress news

  • A critical security flaw in WP Reset Pro, a WordPress plugin, could be abused by an authenticated user to delete the complete database of a website. 
  • Vulnerabilities in OptinMonster, an email marketing WordPress plugin, exposed more than a million websites to exploitation. The flaws, if unaddressed, could allow an unauthenticated user to exfiltrate sensitive information and deploy malicious JavaScript to vulnerable WordPress sites.  
  • In October, a high-severity bug was found in the Hashthemes Demo Importer WordPress plugin, which could enable attackers to reset and wipe vulnerable sites.

The bottom line

Keep an eye out for updates and software patches while using popular CMS platforms. Moreover, be careful about the plugins you choose. The current threat faced by WordPress websites is not a one-time thing and is expected to persist in the future. Experts surmise we may witness actual encryption attacks in the future.

Cyware Publisher
