NewsSecurity

Hackers attacked 900,000 WordPress sites over a week

Wordfence specialists noticed that a group of hackers launched a large-scale campaign against WordPress sites. Using various known vulnerabilities, hackers attacked almost a million resources over the last week.

This is not the first malicious campaign aimed at WordPress users, but the scale this time, and even against the backdrop of a pandemic, is pretty impressive.

The attacks began on April 28, 2020 and resulted in a thirty-fold increase in the amount of malicious traffic monitored by the company.

“The gang uses more than 24,000 different IP addresses for attacks and has already tried to hack over 900,000 WordPress sites. The attacks peaked last Sunday, May 3, 2020, when hackers made over 20,000,000 attempts to break into 500,000 different domains”, – said Wordfence specialists.

Researchers write that, basically, the group relies on exploiting a variety of XSS vulnerabilities and, with their help, injects malicious JavaScript code into sites, and then redirects incoming traffic to resources to malicious sites.

Also, the malware used by cybercriminals checks if the visitor is logged in as an administrator to try automatically create a backdoor using his account.

Wordfence reports that attackers exploit the following vulnerabilities in their campaign:

  • XSS vulnerability in the Easy2Map plugin, which was removed from the WordPress repository in August 2019. Attempts to exploit this vulnerability account for more than half of the total number of attacks, although the plugin is installed on less than 3000 sites;
  • The XSS vulnerability in the Blog Designer plugin, which was fixed in 2019. The plugin uses approximately 1,000 resources, but this vulnerability has already been used in other malicious campaigns;
  • Bug in the WP GDPR Compliance plugin, fixed at the end of 2018. Among other things, the problem allowed attackers to change the home URL of the site. Although this plugin has more than 100,000 installations, analysts estimate that at present only 5,000 of them are still vulnerable.
  • Vulnerability in Total Donations plugin that could change the website’s home URL. This plugin was removed from Envato Marketplace at the beginning of 2019, and there are currently less than 1,000 live installations.
  • XSS vulnerability in the Newspaper theme, which was fixed back in 2016. In the past, hackers also exploited this problem.

According to Wordfence experts, in the future, the group behind the attacks can develop new exploits and expand their arsenal, which will entail attacks on other vulnerabilities.

I also remind you that we wrote about a bug in the Rank Math WordPress plugin, which allows assigning administrator privileges to any user.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

James Brown

Technology news writer and part-time security researcher. Author of how-to articles related to Windows computer issue solving.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button