Hackers Breach Millions of WordPress Sites

Hackers around the world are defacing vulnerable WordPress hosted sites around the world due to unpatched installations, continue reading to learn more.

WordPress Sites Vulnerable Due To an Unpatched Installation

Computer hackers worldwide have taken advantage of millions of unpatched WordPress installations accessible online on production servers. A new attack campaign has defaced over 1.5 million pages which are spread across 39 000 domains. The initial reports were posted on Monday by the security experts at Sucuri who announced that four groups of attackers have defaced over 67 000 pages. The next day the number grew to over 100 000 unique pages and a few days later the total number of affected pages is now over 1.5 million pages. The initial hacking collective has been joined by more than 20 individual hacker groups.

The exponential rise of the infections has been the result of massive numbers of unpatched installations. It is very likely that the problem has been announced on various underground black market forums where the malicious users engage in discussions and trade information about potential weaknesses in popular software. The problem in question is related to a fault in the REST API. The attackers can craft HTTP requests that have allowed them to bypass the CMS’s authentication system and edit the content and titles of the published WordPress pages.

The experts discovered that most of the defaced sites can easily be reached by using specific Google search strings by inputting the hacker group aliases. All of the hacker attacks share a similar pattern – the contents of the hacked sites constitute of a simple image or text that shows the name of the hacker collective responsible for the defacement.

It is possible that these attacks are only used to sample the effects of a large-scale intrusion. In the past such defacement were used to launch SEO spamming attacks, a black hat technique (also known as spamdexing) which manipulates search engine indexes. The hackers insert content and links that promote certain sites or services in a harmful way.

The news has also reached Google who attempted to warn WordPress site owners which use the service’s Search Console. The web giant sent out alert messages to all administrators who were not running the latest version of the content management system. We recommend that all administrators migrate to the newest release to avoid these attacks and protect their sites from danger.

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *