Attackers exploited XSS vulnerabilities in WordPress themes and plugins to steal database credentials

In a blog post, QA engineer and threat analyst Ram Gall provided further insight on the sheer scale of the campaign, saying:

“Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files. The peak of this attack campaign occurred on May 30, 2020. At this point, attacks from this campaign accounted for 75% of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem.”

Targeting WordPress accounts

Security researchers at Wordfence were able to link this campaign to another large-scale attack that began on April 28 by analyzing the 20,000 different IP addresses used in this latest attack.

In the previous campaign, the threat actor the company tracked tried to plant backdoors or redirect visitors to malvertising sites by exploiting XSS vulnerabilities in plugins that had been patched but had yet to have been updated by WordPress site owners.

In just one day on May 3, the attackers behind these campaigns managed to launch over 20m attacks against more than half a million sites.

As is often the case, WordPress site owners can defend against these types of attacks by ensuring that all of the plugins and themes installed on their sites have been updated to the latest version and by applying and patches released by their creators. Additionally, they should delete or disable outdated themes and plugins that have been removed from the official WordPress repository since they are no longer being maintained.

 

VISIT THE SOURCE! — https://www-techradar-com.cdn.ampproject.org/c/s/www.techradar.com/amp/news/millions-of-wordpress-accounts-targeted-in-major-cyberattack