FBI warns of attacks by ISIS sympathizers against WordPress-based sites

The FBI is warning that individuals sympathetic to ISIS are mass-hacking websites by exploiting known vulnerabilities in WordPress.

The FBI is warning administrators of WordPress websites about the possibility of cyber attacks carried out by sympathizers of the ISIS terrorist group. Unfortunately, it is quite simple to compromise websites based on the popular content management system (CMS) when they are affected by known vulnerabilities that are still not patched. The situation is very serious if we consider the large number of flawed WordPress plugins installed by webmasters worldwide. It is easy for unskilled hackers to find online all the information and tools needed to exploit these vulnerabilities, and the FBI is aware of this.

“Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers,” reads the announcement published by the FBI. “An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation.”

The exploitation of flaws in WordPress instances or installed plugins is a common practice in the hacking community. Security experts at the security firm Sucuri continually illustrate the TTPs adopted by major criminal organizations that target the most popular CMSs.

Hackers exploit vulnerabilities in WordPress for various purposes: they can steal sensitive data from the backend of the CMS, deface the website, use the website to run DDoS attacks against third-party targets, or serve malware.

Last week Sucuri experts warned that millions of WordPress websites using the WP-Super-Cache plugin are exposed to the risk of cyber attack due to a critical vulnerability affecting the popular plugin.

“The FBI assesses that the perpetrators are not members of the ISIL terrorist organization. These individuals are hackers using relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered. Methods being utilized by hackers for the defacements indicate that individual Web sites are not being directly targeted by name or business type. All victims of the defacements share common WordPress plug-in vulnerabilities easily exploited by commonly available hacking tools,” continues the announcement.

The FBI highlights that groups of hackers or lone individuals linked to ISIS can carry out attacks exploiting the flaws. According to the expert Brian Krebs, the FBI issued a separate advisory to private companies warning about the operations of several pro-extremist groups located in the Middle East and North Africa. According to the FBI, these groups, which were also involved in the recent #OpIsrael, represent a serious threat for millions of companies worldwide.

Although security experts consider the damage caused by this kind of attack modest, we cannot underestimate the costs in terms of lost business revenue and expenditures on technical services to restore operations.

The FBI also highlighted that the hackers behind this wave of attacks are not members of the ISIS organization. These attackers are using relatively unsophisticated methods to compromise WordPress instances and are abusing the ISIS name to give the hack more prominence.

Stay tuned …

Pierluigi Paganini

(Security Affairs – WordPress, ISIS)
