8:54 AM EDT 4/8/2015
The FBI in a public service announcement (PSA) released Tuesday is advising people responsible for WordPress websites to be on the lookout for attacks carried out by individuals sympathetic to the Islamic State of Iraq and al-Shams terrorist group, which is also known as the Islamic State in the Levant (ISIL), according to Ars Technica. "Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers," the PSA says. "An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation."
The perpetrators of the attacks are not members of the ISIL terrorist organization according to the FBI. Also, these individuals are just hackers who use relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name merely "to gain more notoriety than the underlying attack would have otherwise garnered." Methods being utilized by hackers for the defacements indicate that individual Web sites are not being directly targeted by name or business type.
All victims of the defacements share common WordPress plug-in vulnerabilities easily exploited by commonly available hacking tools. In fact, as observed by Ars Technica, "the steady stream of vulnerabilities found in WordPress plugins, and to a lesser extent WordPress itself, make defacements and other types of website compromises largely a cut-and-paste exercise. Relatively unskilled miscreants are seizing on sites that fall behind applying patches."
To defend against such attacks, the FBI recommends the following actions be taken:
© 2018 Celebeat.com All rights reserved. Do not reproduce without permission.