WordPress is one of the most widely used content management systems (CMS) in the world, so a security flaw in its core affects millions of sites on the Internet. Attackers have taken a liking to a content-injection vulnerability disclosed last week and patched in WordPress 4.7.2, which experts say has been exploited to deface around 1.5 million sites so far.
WordPress silently patched the issue, an unauthenticated privilege escalation vulnerability in a REST API endpoint, when it pushed version 4.7.2 on Jan. 26. A core developer said the following week that the project deliberately delayed disclosure so that millions of additional sites could deploy the update first. WordPress can update itself automatically, and most sites leave that enabled, but some site owners turn it off so they can test updates before pushing them to production. Those sites only received the fix once someone applied it by hand, which is why many were still exposed when the details became public.
The flaw is a content-injection (privilege escalation) vulnerability in the REST API that lets an unauthenticated attacker modify the content of any post or page on a vulnerable WordPress site. The good news is that it was reported privately to the WordPress security team, who handled the matter professionally: they notified security providers and hosting companies and shipped the patch before the issue became public. Any site still running 4.7.0 or 4.7.1 should be updated to 4.7.2 without delay.
Researchers saw the biggest spike in attacks on Tuesday this week, when the popular security plugin Wordfence blocked roughly 13,000 attacks from 20 different campaigns. The vulnerability had set off a “feeding frenzy” among hacker groups, Wordfence founder Mark Maunder said. “During the past 48 hours we have seen over 800,000 attacks exploiting this specific vulnerability across the WordPress sites we monitor.”
“Attackers are starting to think of ways to monetise this vulnerability,” wrote Sucuri founder Daniel Cid. “Defacements don’t offer economic returns, so that will likely die soon.” Hackers were keen to use the vulnerable sites as proxies for spam or malware campaigns, he said.
Online security is IntelliteK’s #1 priority for our clients, our vendors and our own infrastructure. While you should maintain basic IT security practices within your organisation yourselves, the detailed work is best left to an expert managed IT services company. Get in touch with us today and make sure your business does not get compromised by malware attacks, whether on your website or on your internal networks.
Call us on 1300 768 779 or email us at info@intellitek.com.au and one of our representatives will be in touch shortly.