Attacks on WordPress Sites Surge

mood · May 5, 2020

A hacker group tried to hijack 900,000 WordPress sites over the last week
Massive hacking operations causes a 30 times spike in bad traffic
May 5, 2020
https://www.zdnet.com/article/a-hac...ck-900000-wordpress-sites-over-the-last-week/

A hacker group has attempted to hijack nearly one million WordPress sites in the last seven days, according to a security alert issued today by cyber-security firm Wordfence.

The company says that since April 28, this particular hacker group has engaged in a hacking campaign of massive proportions that caused a 30x uptick in the volume of attack traffic Wordfence has been tracking.

"While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it's only in the past few days that they've truly ramped up," said Ram Gall, QA engineer at Wordfence.
The attacks peaked on Sunday, May 3, when the group launched more than 20 million exploitation attempts against half a million domains.
Click to expand...

Gall says the group primarily exploited cross-site scripting (XSS) vulnerabilities to plant malicious JavaScript code on websites, to redirect incoming traffic to malicious sites.

Wordfence says the hackers used a broad spectrum of vulnerabilities for their attacks.
However, Wordfence also warns that the threat actor is sophisticated enough to develop new exploits and is likely to pivot to other vulnerabilities in the future.
Click to expand...

Wordfence: Nearly a Million WP Sites Targeted in Large-Scale Attacks

mood · Jun 3, 2020

Large-scale attack tries to steal configuration files from WordPress sites
June 3, 2020
https://www.zdnet.com/article/large...eal-configuration-files-from-wordpress-sites/

Hackers have launched a massive campaign against WordPress websites over the past weekend, attacking old vulnerabilities in unpatched plugins to download configuration files from WordPress sites.

The goal of the attack was to use old exploits to download or export wp-config.php files from unpatched websites, extract database credentials, and then use the usernames and passwords to take over databases.
Ram Gall, a QA engineer at Wordfence, a provider of web application firewall (WAF) services, said that last weekend's attack was of massive proportions when compared to what the company was seeing on a daily basis.

Gall said "this campaign accounted for 75% of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem."
Gall said Wordfence blocked more than 130 million exploitation attempts on its network alone, which targeted more than 1.3 million WordPress sites, however, the attacks are believed to have targeted even many more other sites, not covered by the company's network.
Click to expand...

During the first campaign, the threat actor used a batch of XSS (cross-site scripting) vulnerabilities and attempted to insert new admin users and backdoors on targeted sites.
The first campaign was also similarly massive in scale, as the group's XSS attacks outweighed all the XSS attacks carried out by other groups combined (see second chart below).

Gall believes the two campaigns, albeit they targeted different vulnerabilities, have most likely been orchestrated by the same threat actor.
Click to expand...

Wordfence: Large Scale Attack Campaign Targets Database Credentials

Log in or Sign up

Attacks on WordPress Sites Surge

mood Updates Team

mood Updates Team

Log in or Sign up

Attacks on WordPress Sites Surge

mood Updates Team

mood Updates Team

Useful Searches