Site after site is being hacked every second that we spend on the internet. Many of these are commercial sites that involve money or sensitive information crucial to the website owner. How are these sites being hacked anyway?
The first and essential step in planning a cyber attack, as we have already stressed in previous posts, is gathering security information on potential victim websites. Since the majority of commercial sites are built on a CMS (Content Management System), information about the underlying code is publicly available. Well-known CMSs include WordPress, Joomla, Magento, etc. These are continuously studied by hackers to find new security loopholes.
Security Vulnerability Exploits For Free
Hackers have the required knowledge and toolset to find vulnerabilities in CMS programs and to exploit them. They also sell their newly discovered vulnerabilities on the dark web to earn bitcoin (an online currency).
We have found a lot of sites offering services in exchange for this information. Here is one of them:
As you can see, there were a lot of exploits that are free for anybody to use. We checked one of the malware samples offered, and it was an exploit for a WordPress plugin. This web malware targeted a particular version of the plugin and exploited an SQL injection vulnerability. From our investigation, anyone who has basic knowledge of SQL can use it to attack a website that has this plugin installed and gain full access to the compromised system.
The good news is that the developers of the plugin in question have already released a fix for this vulnerability. Of course, users who still run the outdated version of the plugin can get their website and visitors infected. Updating your software on time is paramount to keeping security risks low. It is just a matter of time before unpatched websites face unpleasant consequences, even an instant ransomware installation.
When our experts clean malware from CMS-based and other websites, they add extra protection to the system in place, and they also check for database infection, especially if it is an SQL injection attack. We also review the server logs to trace the cause of the malware. Such essential steps allow us to educate the webmaster further and give additional advice on how to protect the server.
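The server log review mentioned above can be partly automated. The following is an added example, not code from the original post: it scans web access logs in the common "combined" format for SQL injection indicators in request query strings and groups the hits by client IP. The plugin name `example-plugin`, the sample log lines and the pattern list are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus, urlsplit

# Constructed sample lines in Apache/Nginx "combined" format (not real traffic).
# "example-plugin" is a hypothetical plugin name; IPs are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-content/plugins/example-plugin/view.php?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:01:09 +0000] "GET /wp-content/plugins/example-plugin/view.php?id=7%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 2048 "-" "curl/7.58"
198.51.100.23 - - [12/Mar/2024:10:01:11 +0000] "GET /wp-content/plugins/example-plugin/view.php?id=7%27+AND+SLEEP(5)--+ HTTP/1.1" 200 512 "-" "curl/7.58"
203.0.113.5 - - [12/Mar/2024:10:02:00 +0000] "GET /blog/union-select-tutorial/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, request target, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# A small, illustrative set of indicators; tune it to your own traffic.
SQLI = re.compile(r"""(?ix)
    \bunion\b.{0,40}\bselect\b      # UNION ... SELECT
  | \b(?:sleep|benchmark)\s*\(      # time-based probes
  | \binformation_schema\b          # schema enumeration
  | '\s*(?:or|and)\s+['\d]          # quote followed by a boolean test
""")

def find_sqli(log_text):
    """Return {client_ip: [(timestamp, path, status, decoded_query), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        # Decode twice so double-encoded payloads are also inspected.
        query = unquote_plus(unquote_plus(url.query))
        # Only the query string is checked, so a page slug such as
        # /blog/union-select-tutorial/ does not raise a false alarm.
        if query and SQLI.search(query):
            hits[ip].append((ts, url.path, int(status), query))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in find_sqli(SAMPLE_LOG).items():
        for ts, path, status, query in events:
            print(f"{ip} [{ts}] {status} {path}?{query}")
```

The timestamp of the first hit against a plugin path gives a starting point for checking which database rows and files changed afterwards. This sketch covers only query strings, since POST bodies are not recorded in standard access logs.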
Is your website flagged for malware, blocked by the search engines or disabled by the host?
Our experts are here to clean up any malware from your sites and remove false positives, blacklisting and other kinds of alerts by any security vendor and search engines. Just select the appropriate ThreatSign! Anti-Malware plan and get back online.
For other issues and help: Quttera help-desk