Threat actors tried to hack nearly one million WordPress sites in the last week, according to a security alert issued by cybersecurity firm Wordfence. The threat intelligence team at Wordfence stated that hackers launched attacks from 24,000 different IP addresses and tried to break into more than 900,000 WordPress sites.
Since April 28, 2020, unknown hackers have been running this massive campaign, which caused a 30-fold increase in the volume of attack traffic. The attacks peaked on May 3, 2020, when the group launched more than 20 million hacking attempts against half a million domains. The attackers largely abused cross-site scripting (XSS) vulnerabilities to inject malicious JavaScript code into websites and redirect their visitors to malicious sites.
“We found that this threat actor was also attacking other vulnerabilities, primarily older vulnerabilities allowing them to change a site’s home URL to the same domain used in the XSS payload in order to redirect visitors to malvertising sites,” Wordfence’s security team said.
Indicators of Compromise
Wordfence also listed the top 10 IP addresses performing these attacks to help users monitor their sites.
“As these attacks appear to be targeted at vulnerabilities that have been patched for months or years, both Wordfence Premium and free Wordfence users should be protected,” the team added.
Wordfence urged users to update their website plugins and deactivate any plugins that have been removed from the WordPress plugin repository. “We did not see any attacks that would be effective against the latest versions of any currently available plugins, running a Web Application Firewall can also help protect your site against any vulnerabilities that might have not yet been patched,” it added.
An earlier independent study from WPScan stated that WordPress plugins are the biggest source of vulnerabilities and data breaches. They account for 54% of the global WordPress vulnerability count.