Federal Bureau of Investigation warns that ISIS and their supporters are targeting websites that have vulnerable WordPress plugins
The recent spate of hackings of websites in the United States has left small business and small sites owners stunned. Almost all of these websites were hacked by either direct ISIS supporters or ISIS sympathizers.
The sudden spate and steady stream of hacking even stunned FBI and it came out with a advisory warning that the ISIS and its supporters are targeting the US websites that have vulnerable WordPress plugins.
WordPress content management system is the post popular CMS world over and small websites including small and medium businesses use WP for their websites. WordPress is also popular because of the countless plugins available to the simple tasks and add features to WP. The 37,000 odd plugins in the WP library are developed by third-party developers and some of there are vulnerable to exploits.
The advisory published on FBI’s Internet Crime Complaint Center says that the ISIS and its sympathizers are using these vulnerabilities which can allow the hackers to gain unauthorized access, inject scripts or install malware on the affected sites.
“Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems,” the advisory said.
The attackers voice support for ISIS, sometimes referred to as ISIL, “to gain more notoriety than the underlying attack would have otherwise garnered,” the FBI said.
WP plugins have been riddled with vulnerabilities which are discovered regularly by security researchers. Sucuri issued an advisory on Tuesday warning WP users of the flaw it found in the WP-Super-Cache plugin, which delivers static HTML files of WordPress pages stripped of PHP scripts for improved loading times.