If you enter your regular text processing online platform, the last thing you may think is that it may make you vulnerable to a hacking attack . Sadly, cybercriminals are now targeting web pages that use one of the most popular web hosting spaces, WordPress.
The modus operandi of the latest attack have
these hackers infecting some common plugins. Wordfence researchers observed
that the WordPress plugin hack can affect as many as nine different plugins.
The fact that so many plugins can be
vulnerable to attacks has led cybercriminals to play with the system and create
false administrator accounts on specific web pages while implementing these
plugins.
A Wordfence research specialist explained via a blog post that the vast majority of the attacks related to the WordPress plugins have come from a single IP address, and it is linked with a Rackspace server that hosts some allegedly infected or compromised websites.
The security company also stated that it tried
to reach out to Rackspace with the intention of warning them about the
presumably compromised servers and web pages, but there wasn’t a response at
the moment in which they wrote the mentioned blog post.
Some of the plugins that were breached are
Blog Designer, Bold Page Builder, Form Lightbox, Hybrid Composer, Live Chat
with Facebook Messenger, and all former NicDark plugins, which include
nd-learning, nd-travel, nd-booking and more; Visual CSS Style Editor, WP Live
Chat Support, and Yuzo Related Posts.
According to specialists in the matter, the
WordPress plugins hack injected scripts which resulted in malicious redirects
to compromised websites and annoying popups in visitors’ web browsers.
The hack has existed since the month of July,
or at least that is when it was spotted. Since that moment, cybercriminals have
included another script that attempts to install a backdoor into the page via
an exploit of an administrator session.
People are no doubt wondering what to do about
the hack. After all, WordPress is a widely used web hosting platforms, one that
powers thousands of blogs and websites from all over the world.
Before talking about possible solutions, it is worth noting that whenever the administrator signs into an infected WordPress website , the newly developed script attempts to use their credentials to come up with a new admin account using the name wpservices.
The new “wpservices” admin account is actually
linked to the email address wpservices@yandex.com.
The cybercriminals manage this new, malicious
WordPress account and implements it as a mean to complete several other acts.
According to the Wordfence researchers, the fact that more malicious
administrators accounts are being created is a clear sign that hackers may be getting
ready to inflict more damage through compromised WordPress pages.
As a possible solution, website administrators
that use WordPress as a web hosting platform are recommended to keep all their
plugins up to date, to their respective latest versions, in order to avoid
their pages from being targeted and exposed to the hack.
The fact remains that the hacker or hacking
entity is actually targeting older vulnerabilities, which would mean that those
that have their plugins updated have lower odds of being the newest victims of
the vulnerability.
Additionally, researchers and specialists are also recommending deleting all malicious accounts that were created by the malware and further performing a scan to their pages to make sure that no other backdoors have been installed.
When it comes to cybersecurity, especially in
our current reality, it seems that there is no way a person can be 100 percent
safe while venturing into the online world. That is why awareness should come
first, and then, a course of action can be planned.
Something that may seem harmless like
WordPress plugins could end up being extremely detrimental to online privacy
and security.
feshop cvv cvv auto shop
Written By