INSUBCONTINENT EXCLUSIVE:
Hundreds of thousands of WordPress websites were targeted over the course of 24 hours in a large scale cyberattack with the aim of
harvesting database credentials.The cybercriminals behind the attack were attempting to download the wp-config.php configuration files from
users WordPress sites as they contain valuable information including database credentials, connection info, authentication unique keys and
salts.They tried to exploit known cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes installed on users' sites as a
means to gain access to their credentials with the end goal of completely taking over their sites.In a blog post, QA engineer and threat
Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration
The peak of this attack campaign occurred on May 30, 2020
At this point, attacks from this campaign accounted for 75% of all attempted exploits of plugin and theme vulnerabilities across the
by analyzing the 20,000 different IP addresses used in this latest attack.In the previous campaign, the threat actor the company tracked
tried to plant backdoors or redirect visitors to malvertising sites by exploiting XSS vulnerabilities in plugins that had been patched but
had yet to have been updated by WordPress site owners.In just one day on May 3, the attackers behind these campaigns managed to launch over
20m attacks against more than half a million sites.As is often the case, WordPress site owners can defend against these types of attacks by
ensuring that all of the plugins and themes installed on their sites have been updated to the latest version and by applying and patches
released by their creators
Additionally, they should delete or disable outdated themes and plugins that have been removed from the official WordPress repository since
they are no longer being maintained.Via BleepingComputer
