Phone : +91 95 8290 7788 | Email : sales@itmonteur.net


Top WordPress attacks: Insight into major attacks that involved compromise of WordPress sites

WordPress, the most popular content management system, is based on PHP and MySQL. A recent study revealed that WordPress-associated vulnerabilities saw a 30% increase in 2018 compared to the previous year. The number of WordPress-related vulnerabilities recorded in 2018 was 542.

Moreover, almost 98% of these vulnerabilities were related to WordPress plugins, and only 2% were found in the WordPress code. A vulnerability in a WordPress plugin could allow attackers to access thousands of sites. The plugin architecture is the major reason people choose WordPress; however, out-of-date plugins are excellent bait for attackers looking to compromise WordPress sites.

In this blog, we highlight some of the massive attacks that involved the compromise of WordPress sites.

#1. Over 1.5 million WordPress sites were hacked due to a critical vulnerability

A critical vulnerability was detected in WordPress version 4.7.2. The CMS developers reported the zero-day vulnerability in WordPress and patched three vulnerabilities, including SQL injection, cross-site scripting, and an access control bug.

However, one week later, the CMS developers reported that WordPress accounts had been hacked because the vulnerability had not been patched on many sites. This allowed attackers to exploit the vulnerability and modify the content of any page or post on a targeted site.

The vulnerability was exploited to carry out four different defacement campaigns.

  • The first campaign exploiting this vulnerability hacked WordPress sites within 48 hours after disclosure.
  • In the second campaign, attackers exploited this vulnerability to modify the content of over 60,000 web pages and replaced them with ‘hackedby’ messages.
  • The other campaigns hacked nearly 1,000 WordPress pages.

Apart from defacement campaigns, researchers also spotted SEO spam campaigns leveraging this WordPress vulnerability. Overall, researchers revealed that 1.5 million WordPress sites were hacked.

#2. WordPress plugin used to hack more than 200,000 websites

A WordPress plugin named ‘Display Widgets’ was used to install a backdoor on WordPress sites. The WordPress team removed the ‘Display Widgets’ plugin from the official WordPress Plugins repository. However, the plugin was installed on more than 200,000 sites.

The plugin has been removed from the official WordPress Plugins repository four times.

  • The first version of the plugin, v2.6.0, broke WordPress plugin rules by downloading over 38 MB of code from a third-party server. The 38 MB of code contained tracking features that logged traffic on websites using this version. The extra code collected data such as user IP addresses, user strings, the domain where the data was collected, and the page the user was viewing, and sent this information to the third-party server. The plugin was removed from the repository for these reasons.
  • The second version, v2.6.1, integrated the 38 MB file inside the plugin to avoid downloading files from third-party servers and breaking WordPress plugin rules. However, this version contained a backdoor that allowed the plugin’s owner to connect to remote sites and create new pages or posts. This version was removed from the repository.
  • The third version, v2.6.2, created new pages where it inserted spammy links to other sites. Moreover, the plugin hid these spammy pages from logged-in users. The plugin was removed for the third time.
  • The fourth version, v2.6.3, was also malicious and was removed from the repository as it inserted spammy links into other sites.
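A defender-side check for the versions listed above, as an added example that is not part of the original article: it reads each installed plugin's header comment and reports any install whose name and version match the article's list. The sample tree, its folder and file names, and version 9.9.9 are constructed for illustration.

```python
import os
import re

# Versions the article lists as removed from the official plugin repository.
FLAGGED = {"Display Widgets": {"2.6.0", "2.6.1", "2.6.2", "2.6.3"}}
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$",
                       re.M | re.I)

def read_header(path):
    """Parse 'Plugin Name' and 'Version' from a plugin file's header comment."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)  # WordPress only looks at the first 8 KB for headers
    fields = {}
    for key, value in HEADER_RE.findall(head):
        fields.setdefault(key.title(), value)  # first occurrence wins
    return fields

def audit(plugins_dir, flagged=FLAGGED):
    """Return (folder, plugin name, version) for every flagged install found."""
    findings = []
    for folder in sorted(os.listdir(plugins_dir)):
        full = os.path.join(plugins_dir, folder)
        if not os.path.isdir(full):
            continue
        for name in sorted(os.listdir(full)):
            if not name.endswith(".php"):
                continue
            header = read_header(os.path.join(full, name))
            plugin = header.get("Plugin Name")
            version = header.get("Version", "").lstrip("vV")
            if version in flagged.get(plugin, ()):
                findings.append((folder, plugin, version))
    return findings

def make_sample_tree(root):
    """Constructed sample tree; folder names, file names and 9.9.9 are made up."""
    samples = {"display-widgets/display-widgets.php": ("Display Widgets", "2.6.1"),
               "dw-copy/main.php": ("Display Widgets", "9.9.9"),
               "hello-example/hello.php": ("Hello Example", "1.0")}
    for rel, (name, ver) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(f"<?php\n/*\n * Plugin Name: {name}\n * Version: {ver}\n */\n")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        make_sample_tree(root)
        print(audit(root))
```

Matching on the header's plugin name rather than the folder name still catches a copy that was installed under a renamed directory.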

#3. Brute-force attack targets over 190,000 WordPress sites/hour

In December 2017, a massive brute-force attack campaign targeted WordPress sites with Monero miners. The attackers brute-forced WordPress admin account logins to install a Monero miner on compromised sites. The WordPress security firm Wordfence stated that this was the biggest brute-force attack the company had been forced to mitigate since its birth in 2012.

The brute-force attacks peaked at 14.1 million requests per hour. Brute-force requests originated from over 10,000 unique IP addresses and targeted around 190,000 WordPress sites per hour. In this brute-force campaign, the attackers earned over $100,000 worth of Monero.
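Added example (not from the original article or from Wordfence): because the campaign spread its requests over more than 10,000 addresses, a per-IP threshold alone can miss it, so this detector also counts failed logins per site per hour across all sources. The log layout, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout: combined log format with the virtual host prepended.
LOG_RE = re.compile(r'^(?P<host>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (host, ip, hour) for each failed wp-login.php POST."""
    for line in lines:
        m = LOG_RE.match(line)
        # Heuristic: a failed login returns 200 (form shown again), a success 302.
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield m["host"], m["ip"], ts.strftime("%Y-%m-%d %H:00")

def detect(lines, per_ip_limit=20, per_site_limit=50, min_sources=10):
    """Return sorted alerts; the default thresholds are illustrative."""
    by_site = defaultdict(lambda: defaultdict(int))
    for host, ip, hour in failed_logins(lines):
        by_site[(host, hour)][ip] += 1
    alerts = []
    for (host, hour), ips in by_site.items():
        alerts += [("single-source", host, hour, ip, n)
                   for ip, n in ips.items() if n >= per_ip_limit]
        total = sum(ips.values())
        if total >= per_site_limit and len(ips) >= min_sources:
            alerts.append(("distributed", host, hour, len(ips), total))
    return sorted(alerts)

def sample_log():
    """Constructed sample lines (documentation IP ranges, example hostnames)."""
    def line(host, ip, sec, request, status):
        return (f'{host} {ip} - - [18/Dec/2017:03:{sec // 60:02d}:{sec % 60:02d} +0000] '
                f'"{request} HTTP/1.1" {status} 1234 "-" "-"')
    post = "POST /wp-login.php"
    # 60 sources x 2 failures (under per_ip_limit), one noisy source, then a
    # successful login (302) and a GET, neither of which may be counted.
    lines = [line("blog.example", f"198.51.100.{i + 1}", 2 * i + k, post, 200)
             for i in range(60) for k in range(2)]
    lines += [line("shop.example", "203.0.113.7", k, post, 200) for k in range(25)]
    lines.append(line("shop.example", "203.0.113.9", 30, post, 302))
    lines.append(line("shop.example", "203.0.113.9", 31, "GET /wp-login.php", 200))
    return lines

if __name__ == "__main__":
    print(*detect(sample_log()), sep="\n")
```

On the sample data, blog.example is flagged only by the per-site rule: 120 failures from 60 addresses, none of which exceeds two attempts.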

#4. United Nations WordPress site exposed thousands of resumes online

The United Nations WordPress website that contained resumes of job applicants since 2012 was breached, compromising thousands of resumes. The breach was caused by two vulnerabilities that were discovered in one of the UN’s WordPress websites: a path disclosure vulnerability and an information disclosure vulnerability. By conducting Man-in-the-Middle (MITM) attacks, attackers could have used these vulnerabilities to gain access to the directory index that documented the job applications.
