Police and FBI are investigating defacement attacks on a number of websites including the site of Dublin Rape Crisis Centre, where attackers placed an ISIS flag banner on website home pages and played an Arabic song in the background. The common ground for all of the websites is that they are using WordPress Content Management Systems. WordPress sites account for a very large proportion, some saying over 20% of actual websites. w3techs.com(3) state that WordPress sites account for 23.7% of all sites or 60.4% of all Content Management System (CMS) based websites. managewp.com(4) state that 74.6 Million Sites are built using wordpress and that about 37 Million of these are hosted on the WordPress.com site.
It is believed that the threat comes from known vulnerabilities which have not been patched by the site administrators. So with these figures, WordPress can easily be seen as a potential target for hackers and Script Kiddies.
The FBI Public Service Announcement (Image shown) states that (6) “Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation.”
There has been a number of attacks on WordPress sites, a number of organizations have been getting the blame to include ISIS.
According to theregister.co.uk(1) “The Dublin Rape Crisis Centre in Ireland was defaced so that its home page featured the black ISIS flag and the message “Hacked by ISIS, we are everywhere.” A Flash audio plug-in planted on the page as part of the same hack played an Arabic song.”
A Tweet by DRCC (2) was as follows
Thehackernews.com(3) tell us that “The United States Federal Bureau of Investigation (FBI) is warning WordPress users to patch vulnerable plugins for the popular content management system before ISIS exploit them to display pro-ISIS messages.” they further tell us that “According to the FBI, ISIS sympathizers are targeting WordPress sites and the communication platforms of commercial entities, news organizations, federal/state/local governments, religious institutions, foreign governments, and a number of other domestic and international websites.”
Although the FBI does not indicate the actual vulnerabilities used, Sucuri.net(8) have identified at lest two plugins (listed below) which should at least be removed or updated immediately For further details see the link below (reference 8)
- Outdated RevSlider – Version < 4.2
- Outdated GravityForms – Version < v1.8.20
Security Affairs(7) have previously reported (7 April 2015) about flaws in the WordPress WP-Super-Cache plugin and that this plugin was making millions of websites based on the popular WordPress Plugin vulnerable as attackers could inject malicious code into pages that used the extension
It is therefore important that any wordpress site users check their websites for security vulnerabilities and updates, this also should include any plug-ins used.
At the time of publishing this document, the latest version of WordPress was 4.1.1. For further details on WordPress and its downloads, see https://wordpress.org/
1. theregister.co.uk Pro-ISIS script kiddies deface Dublin Rape Crisis Centre site John Leyden
http://www.theregister.co.uk/2015/03/10/is_script_kiddies_defacement/ Retrieved 11/4/2015
2. Tweet from Dublin Rape Crisis Centre
https://twitter.com/DublinRCC/status/574859549854855168 Retrieved 11/4/2015
3. thehackernews.com Own a WordPress Website? ISIS is After You — FBI warns Swati Khandelwal
http://thehackernews.com/2015/04/hacking-wordpress-isis.html Retrieved 11/4/2015
4. w3techs.com Usage statistics and market share of WordPress for websites
5. managewp.com 14 Surprising Statistics About WordPress Usage Tom Ewer February 7, 2014
https://managewp.com/14-surprising-statistics-about-wordpress-usage Retrieved 11/4/2015
6. .ic3.gov ISIL Defacements Exploiting Wordpress Vulnerabilities April 07, 2015
http://www.ic3.gov/media/2015/150407-1.aspx Retrieved 12/4/2015
7. securityaffairs.co Flaw in WP-Super-Cache plugin threatens million of WordPress websites April 7, 2015 By Pierluigi Paganini
http://securityaffairs.co/wordpress/35767/hacking/flaw-in-wp-super-cache-plugin.html Retrieved 12/4/2015
8. sucuri.net FBI Public Service Annoucement: Defacements Exploiting WordPress Vulnerabilities Daniel Cid April 7, 2015
https://blog.sucuri.net/2015/04/fbi-public-service-annoucement-defacements-exploiting-wordpress-vulnerabilities.html Retrieved 12/4/2015