ISIS Sympathizers Defacing and Exploiting WordPress Sites, FBI Warns
Individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS) group are disrupting the operations of various WordPress sites, theFBI Internet Crime Complaint Center announced on Tuesday. They are not members of the organization, but may be using the name to gain notoriety in their attacks.
The FBI announced that previously known vulnerabilities in WordPress plug-ins were exploited to deface the sites. Specific websites were not named and no in-depth technical analysis was included.
The perpetrators are relatively less sophisticated as typical attackers. They were reportedly using unsophisticated methods to exploit technical vulnerabilities and the victims of the defacements share common WordPress plug-in vulnerabilities easily exploited by commonly available hacking tools.
Security researchers noted that outdated versions of the RevSlider (4.2), GravityForms (v1.8.2), FancyBox, Wp Symposium, and Mailpoe plug-ins were among those that are currently being exploited.
In a blog post, security journalist Brian Krebs noted that this announcement comes at the heels of another FBI public alert, which though unrelated to ISIS sympathizers are similarly driven by ideologies—that of extremist hacking groups reportedly recruiting participants to target Israeli and Jewish Web sites for the second anniversary of the #OpIsrael operation.
Political Motivations, Real Consequences
Ideologies have always been strong motivators for cyber aggression, even more so when those involved are driven by real-world events. Since cyberspace is a venue that coddles all users, regardless of their affiliations, politically motivated attacks using online threats has become a common scenario.
Individuals or groups driven by political beliefs or advocacies may resort to using web threats to put their enemies down. In this case, a popular web platform used by majority of high-traffic sites can be very dangerous for those who use and access the said sites.
“Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation,” warns the FBI.
WordPress is no stranger to threats of mass website compromises. In 2014, attackers compromised the Gizmodo Brazilian site via WordPress plugin vulnerabilities and used it to spread online banking malware to approximately 7,000 victims in two hours.
In a way, web defacements and attacks of this nature can contribute in tarnishing the reputation of organizations, hamper internal operations, and cause the loss of valuable resources.
In January, a hacker group reported to have hacked the United States Central Command (USCENTCOM or CENTCOM) Twitter and YouTube accounts were able to redirect the Malaysia Airlines (MAS) website visitors via a “DNS spoofing attack.” This may have been distressing for the customers of the said airlines who needed to check their flights.
Quick Pointers for Web Admins
Website protection is a serious matter to ensure smooth online operations for any organization. If you own a website, including those hosted in WordPress, take note of the following points:
- Always keep WordPress installations current and updated. Pay attention to fresh WordPress updates and plug-in releases.
- Use strong passwords for your WordPress accounts. Remember that usernames can easily be guessed or stolen by attackers.
- Pick your theme source codes carefully as attackers usually put webshells there.
- Watch out for recently created files, especially the ones created by the same user as the one ran by the web server. This could be a sign of an attack-in-progress.
- Consider using hosted cloud service providers to manage your site, as they will expertly run and update the plug-ins as well.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Exposed Container Registries: A Potential Vector for Supply-Chain Attacks
- LockBit, BlackCat, and Clop Prevail as Top RAAS Groups: Ransomware in 1H 2023
- Diving Deep Into Quantum Computing: Modern Cryptography
- Uncovering Silent Threats in Azure Machine Learning Service: Part 2
- The Linux Threat Landscape Report