Discovery by cybersecurity researchers uncovers numerous flaws and security holes
Content management platforms like WordPress are popular among enthusiasts and businesses alike. Unfortunately, WordPress and similar CMS platforms are at risk, exposed to malware and ransomware.
Investigative teams from Comparitech discovered at least 89 zero-day vulnerabilities related to CMS websites. According to the investigators, there has been a recent surge in attacks. The trend of zero-day vulnerabilities was on the decline as of July 2019, when monthly attacks averaged 300,000.
Now, however, they’ve more than doubled, hitting at least 700,000 reported attacks as of May 2020. The attack surge is most likely related to Coronavirus (as are most recent cyberattacks). With more people relying on the internet, whether as browsers or as vendors, these attacks are a natural component of the rising activity.
The 89 zero-day vulnerabilities involved popular vendor platforms like WordPress, Joomla, Drupal, and OpenCart. Each of these vendors also had vulnerabilities associated with their plugins. Numerous themes and plugins exist for CMS websites, expanding the problem. The majority of vulnerable websites running the exposed plugins were WordPress and Joomla sites.
What is a zero-day vulnerability anyway?
A zero-day vulnerability is an actively exploited weakness, typically found in software, that is unknown to the user(s). Alternatively, it is a vulnerability that has not been resolved.
CMS websites frequently use the mentioned plugins, exacerbating the issue. Users of these website development platforms often don’t have the same expertise in cybersecurity and, as such, do not exercise the same level of caution.
How are the attacks happening?
The researchers looked over five hacking-bots (automated malicious software) which “take advantage of 40 to 80 exploits.” Those exploits sought to achieve a variety of end goals. The shell scripts could hijack pages, for instance, and bring users to malicious zones where they may give away personal info by accident.
Implemented scripts like botnets and malware were typical. Installed botnets were also common.
Comparitech found another troubling bit of info: a chunk of the malicious bots/attackers were not listed in any databases (only 124 out of 280). When not recorded, vendors, websites, and businesses lack a “blueprint” for a proper defense.
These exploits are quite easy for most to pull off, meaning they don’t require an elaborate team of knowledgeable hackers to launch them. This emphasizes their danger and should give anyone using CMS platforms pause.
What can I do?
Numerous individuals and businesses use the platforms for a variety of reasons, from hobby to selling wares. Therefore, this is probably causing some anxiety if you happen to use, say, WordPress in any capacity. Are you at risk?
You need to make doubly sure your plugins and domain haven’t been compromised. Publishers might have patches released for exploits. If not, consider retiring them or using another, safer alternative. Conduct thorough security scans and see if unusual activity has occurred (or if you notice performance problems).
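One way to carry out the plugin check described above, as an added example that is not from the article or from Comparitech: a Python script that reads the `Plugin Name` and `Version` header of each installed WordPress plugin and compares it with an advisory list. The plugin slugs, versions and the `SAMPLE_ADVISORIES` map (slug to first fixed version, or `None` when the publisher has released no patch) are constructed for illustration; a real list would be maintained from publisher changelogs.

```python
import re
import tempfile
from pathlib import Path

HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def read_header(php_file):
    """Return (name, version) from a plugin's header comment, or None if absent."""
    text = php_file.read_text(errors="replace")[:8192]  # WordPress scans only the first 8 KB
    # Reversed so that the first occurrence of each field wins over later ones.
    fields = dict(reversed([(k.lower(), v.strip()) for k, v in HEADER_RE.findall(text)]))
    return (fields["plugin name"], fields.get("version", "")) if "plugin name" in fields else None

def is_older(installed, fixed):
    """Numeric comparison, so that 1.9.3 < 1.10.0 and 2.0 == 2.0.0."""
    a, b = ([int(n) for n in re.findall(r"\d+", v)] for v in (installed, fixed))
    width = max(len(a), len(b))
    return a + [0] * (width - len(a)) < b + [0] * (width - len(b))

def audit(plugins_dir, advisories):
    """Return (slug, version, status) for every plugin directory found."""
    findings = []
    for plugin_dir in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        headers = [h for f in sorted(plugin_dir.glob("*.php")) if (h := read_header(f))]
        if not headers:
            continue
        slug, version = plugin_dir.name, headers[0][1]
        if slug not in advisories:
            status = "no-advisory"  # nothing listed; not proof that the plugin is safe
        elif advisories[slug] is None:
            status = "retire"       # no patch released: remove or replace the plugin
        elif not version or is_older(version, advisories[slug]):
            status = "update"
        else:
            status = "patched"
        findings.append((slug, version, status))
    return findings

# Constructed sample data: slugs, versions and advisories are invented for this example.
SAMPLE_PLUGINS = {"example-gallery": "1.9.3", "example-forms": "2.0",
                  "example-slider": "0.4", "example-seo": "3.1"}
SAMPLE_ADVISORIES = {"example-gallery": "1.10.0", "example-forms": "2.0.0", "example-slider": None}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for slug, version in SAMPLE_PLUGINS.items():
            Path(root, slug).mkdir()
            Path(root, slug, slug + ".php").write_text(
                f"<?php\n/*\n * Plugin Name: {slug}\n * Version: {version}\n */\n")
        return audit(root, SAMPLE_ADVISORIES)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a live site, `audit()` would be pointed at the `wp-content/plugins` directory.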
If you’re still having trouble (or want to take extra care), conducting third-party scans via a service can help. Bytagig offers this, and can assist where necessary.