ISIL Exploiting WordPress Vulnerabilities in Website Defacements
The Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), has issued an alert regarding the exploitation of WordPress vulnerabilities by being perpetrated by individuals associated with the Islamic State in the Levant (a.k.a. ISIL or ISIS), which are disruptive and costly to targeted organizations in terms of lost revenue and expenditures for mitigating the attacks.
The defacements have impacted websites and communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other targets worldwide.
“Researchers continue to identify WordPress Content Management System (CMS) plug-in vulnerabilities, which could allow malicious actors to take control of an affected system. Some of these vulnerabilities were exploited in the recent Web site defacements noted above. Software patches are available for identified vulnerabilities,” the alert said.
“Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation.”
The relatively unsophisticated attacks are not exclusively being carried out by members of the ISIL terrorist organization, but also by those who may be sympathetic to the group, or by those who may be utilizing the ISIL moniker to gain notoriety in the press.
“Methods being utilized by hackers for the defacements indicate that individual Web sites are not being directly targeted by name or business type. All victims of the defacements share common WordPress plug-in vulnerabilities easily exploited by commonly available hacking tools,” the alert said.