Almost a million WordPress websites targeted in massive campaign

An unknown threat actor is exploiting vulnerabilities in plugins for which patches have been available for months, or even years



More than 900,000 WordPress websites have been targeted by an unidentified bad actor in a large-scale hacking campaign over the past week. Defiant, which makes the Wordfence security plugins for the web publishing platform, said that it started noticing and tracking a spike in attacks, mostly targeting Cross-Site Scripting (XSS) vulnerabilities, on April 28th. The large-scale campaign ultimately resulted in a 30-fold increase in attack traffic.


Based on the malicious payload, Defiant suspects that most of these attacks are being carried out by a single malicious actor. According to Wordfence QA engineer Ram Gall, the cybercriminal started off with a small volume of attacks and didn’t ramp up their efforts until last week, with the campaign peaking at 20 million attempted attacks against more than half a million websites on May 3rd.


“Over the course of the past month in total, we’ve detected over 24,000 distinct IP addresses sending requests matching these attacks to over 900,000 sites,” he added. The ne’er-do-well targets Cross-Site Scripting (XSS) as well as other vulnerabilities in an attempt to inject malicious code into the websites that then redirect visitors to malvertising sites.


It is worth noting that security updates are available for the flaws under exploitation, and that the patches were rolled out months and, in some cases, even years ago.


Three of the five targeted vulnerabilities are XSS related. One of them affects the Easy2Map plugin, which accounted for more than half of the attacks and is likely installed on fewer than 3,000 websites. The second security hole resides in Blog Designer and was pa ..