Published on July 2nd, 2015 | by Diogo Costa
Beware: ISIS is Targeting WordPress Sites
A public service announcement has been issued by the Federal Bureau of Investigation (FBI), referring to a large number of sites being exploited and compromised through vulnerabilities in plugins for WordPress:
Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems.
The FBI also explains in detail what happens when a website is compromised:
Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation.
This is nothing new and, over the last few months, users have been warned and taught to protect their sites. Defacement campaigns are very common and are one of the most used forms of online protest and hacking; when a defacement does not succeed, the attacks often escalate to Distributed Denial of Service (DDoS) attacks to take the site down.
The FBI’s announcement failed to elaborate on which vulnerabilities are being exploited and what exactly the attackers are doing, so let’s clarify what happens in these attacks. First, the two main plugins currently being exploited are old versions of RevSlider (versions before 4.2) and GravityForms (versions before 1.8.20).
Users should be careful with RevSlider, especially anyone looking to start a blog, as it is one of the most widely used WordPress plugins. Other plugins being targeted include FancyBox, WP Symposium, MailPoet, and others. While a 100% accurate list is not possible, because attackers try to exploit anything they can, listing some of the affected plugins gives users an idea of what they should avoid.
Second, the FBI report also ignores another very important point: attackers are not only attempting to exploit plugin vulnerabilities, they are also exploiting vulnerabilities found in themes, along with many brute-force attacks targeted at the WordPress administration panel. When their attacks are successful, the attackers spread their messages on those sites.
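A quick way for a site owner to check the version thresholds quoted above is to read each plugin's header and compare it against the minimum patched version. The script below is an added example, not from the article or from the plugin vendors; the directory names `revslider` and `gravityforms` and the `<slug>/<slug>.php` layout are assumptions, and the sample headers are constructed for an offline run.

```python
import re
from pathlib import Path

# Minimum patched versions as stated in the article; anything older is flagged.
# The plugin directory names (slugs) are an assumption, not taken from the article.
MIN_PATCHED = {
    "revslider": "4.2",
    "gravityforms": "1.8.20",
}

def parse_version(v):
    """Turn '1.8.20' into (1, 8, 20) so that 1.8.9 < 1.8.20 compares correctly.
    A plain string comparison would wrongly rank '1.8.9' above '1.8.20'."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def header_version(text):
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\w.\-]+)", text, re.MULTILINE)
    return m.group(1) if m else None

def audit(plugins):
    """plugins: dict slug -> main-file text. Returns [(slug, installed, required)]
    for every listed plugin that is missing a version header or is too old."""
    findings = []
    for slug, text in plugins.items():
        need = MIN_PATCHED.get(slug)
        if need is None:
            continue  # not one of the plugins the article names
        have = header_version(text)
        if have is None or parse_version(have) < parse_version(need):
            findings.append((slug, have, need))
    return findings

def load_plugins(plugins_dir):
    """Read <slug>/<slug>.php for each plugin directory (assumed layout)."""
    root = Path(plugins_dir)
    return {d.name: (d / f"{d.name}.php").read_text(errors="ignore")
            for d in root.iterdir() if (d / f"{d.name}.php").is_file()}

# Constructed sample headers (not real plugin files) so the script runs offline.
SAMPLE = {
    "revslider": "<?php\n/*\nPlugin Name: Slider Revolution\nVersion: 4.1.4\n*/\n",
    "gravityforms": "<?php\n/*\nPlugin Name: Gravity Forms\nVersion: 1.8.9\n*/\n",
    "akismet": "<?php\n/*\nPlugin Name: Akismet\nVersion: 3.1\n*/\n",
}

if __name__ == "__main__":
    for slug, have, need in audit(SAMPLE):
        print(f"{slug}: installed {have}, needs >= {need}")
```

On a live install, replace `SAMPLE` with `load_plugins("/path/to/wp-content/plugins")`.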
With this in mind, more than ever, WordPress users should review and strengthen the security of their websites, so that they are more protected in case they become a target for this kind of hacking.