FBI warns ISIS hackers misusing WordPress plugins

On Tuesday (April 07, 2015) the FBI (Federal Bureau of Investigation) informed that hackers claiming to get concerned to the radical group ISIS are aiming sites that have weak WordPress plugins in terms of security.

The vulnerabilities make it possible for attackers to gain illegal entry, insert scripts or virus onto the websites, as said by an advisory posted by the FBI’s Internet Crime Complaint Center. The hackers have attack news groups, religious organizations, government and commercial sites.

The advisory said, “Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems.”

This CMS (content management system) includes a thriving group of 3rd party developers who’ve developed near about 37,000 plugins, but sometimes protection vulnerabilities in a single can put numerous websites at risk.

The disfigurements have happened on sites that share few common WP plugins with vulnerabilities which are simply misused, the FBI explained.

On 7th of April, the safety measures company Sucuri released an advisory for a security fault within the cache plugin named WP Super Cache, which brings static HTML documents of WP pages bare of PHP for better loading times.

The voice assistance for ISIS, occasionally denoted to as ISIS, “to get more notoriety than the primary attack would have else saved,” the FBI mentioned.

The plugin has cross-site scripting susceptibility that could permit a hacker to include a fresh admin to a website or add an exit applying WordPress’s theme edition resources. There are millions of websites which are using the plugin.

At the end of February, Sucuri mentioned the similar amount of WordPress websites were susceptible to takeover as a result of an error in an additional analytic plugin denoted to, as WP-Slimstat.

Top/Featured Image: By simplu27 / Pixabay

Ali Raza Ali is a freelance journalist, having 5 years of experience in web journalism and marketing. He contributes to various online publications. With a Master degree, now he combines his passions for writing about internet security and technology for SecurityGladiators. When he is not working, he loves traveling and playing games.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.