WordPress sites are currently under attack through a new plugin bug, triggering an internet-wide hacking spree. On Friday, Sept. 4, Defiant, the company behind the Wordfence web firewall, said that millions of WordPress sites were attacked and probed this week.
Hackers discovered a zero-day vulnerability in "File Manager," a popular WordPress plugin installed on more than 700,000 sites. They started exploiting it, leading to the sudden spike of malicious attacks.
The attackers used the zero-day, an unauthenticated file upload vulnerability, to upload malicious files to sites running an older version of the File Manager plugin, targeting any website with the plugin installed.
Once they exploit the zero-day against a site, they upload a web shell, disguised inside an image file, to the victim's server. By accessing the web shell, they can then take over the site and enrol it in a botnet.
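The payload described above, a web shell hidden in what looks like an image, can be hunted for on disk. The following scanner is an added example written for this article, not code from Defiant, Wordfence or the File Manager project: it walks a WordPress uploads tree and flags files that carry an image extension but contain PHP code, distinguishing a real image header with PHP appended from a plain PHP script renamed to `.gif`, and it also flags any PHP file sitting in the uploads directory, which should never hold executable code. The sample files it scans are constructed inline and contain no real malware.

```python
"""Find PHP web shells hidden in image files under a WordPress uploads tree."""
import os
import re
import tempfile
from pathlib import Path

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
# Leading bytes of the common image formats; an "image" without one of these
# headers is suspicious on its own.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}
PHP_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
CHUNK = 1 << 20  # reading the first 1 MiB is enough for a web shell check


def classify(name: str, data: bytes) -> str:
    """Return a verdict for one file:
    'php_in_uploads'  - a PHP script stored under uploads/ (never legitimate)
    'php_in_image'    - genuine image header followed by PHP code (polyglot)
    'renamed_php'     - image extension, no image header, PHP code inside
    'clean'           - nothing matched
    """
    ext = Path(name).suffix.lower()
    if ext in PHP_EXTS:
        return "php_in_uploads"
    if ext in IMAGE_EXTS and PHP_TAG.search(data) is not None:
        if data.startswith(IMAGE_MAGIC):
            return "php_in_image"
        return "renamed_php"
    return "clean"


def scan_uploads(root: str) -> list[tuple[str, str]]:
    """Walk root and return sorted (relative path, verdict) for every non-clean file."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                data = fh.read(CHUNK)
            verdict = classify(fname, data)
            if verdict != "clean":
                findings.append((Path(full).relative_to(root).as_posix(), verdict))
    return sorted(findings)


def build_sample_tree(root: str) -> None:
    """Write constructed sample files (not real malware) to exercise the scanner."""
    samples = {
        # genuine-looking JPEG, no PHP: must stay clean
        "2020/09/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
        # real PNG header with a PHP block appended: the polyglot case
        "2020/09/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
                             + b"<?php /* placeholder, not a shell */ ?>",
        # plain PHP script merely renamed to .gif
        "2020/09/avatar.gif": b"<?php /* placeholder, not a shell */ ?>",
        # PHP file dropped straight into uploads/
        "2020/09/x.php": b"<?php /* placeholder, not a shell */ ?>",
    }
    for rel, content in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)


def demo() -> list[tuple[str, str]]:
    """Build the constructed tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan_uploads(tmp)


if __name__ == "__main__":
    for rel, verdict in demo():
        print(f"{verdict:15} {rel}")
```

Run it against a real site as `scan_uploads("/path/to/wp-content/uploads")`; every hit deserves a manual look, and the `php_in_uploads` verdict is worth pairing with a web server rule that refuses to execute PHP from the uploads directory at all, so that even a file the scanner misses cannot be run.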
"Attacks against this vulnerability have risen dramatically over the last few days," said Ram Gall, a threat analyst at Defiant.
It is still unclear how the hackers found the recent bug.
1.7 million sites were attacked and probed
On Friday, Sept. 4, Defiant recorded attacks on 1 million WordPress sites, showing that the probes started slowly but intensified throughout the week. Gall said that Defiant quickly addressed the issue, blocking malicious attacks against more than 1.7 million sites since Sept. 1.
Not sure what exactly is going on, but this looks like a bug introduced in _wp_specialchars() in #WordPress 5.5 pic.twitter.com/N6Zsvuvlrd — Mathieu Sarrasin (@IceableMedia) August 29, 2020
The number of sites attacked is more than half of all WordPress sites running the Wordfence web firewall. Since WordPress is installed on hundreds of millions of sites, Gall concludes that the true scale of the attacks is even greater than what Defiant has recorded.
Hackers could still be attacking and probing other WordPress websites. To prevent further breaches, the File Manager developer team developed and released a patch for the zero-day on the same day it discovered the attacks.
Some sites have already installed the patch, while others are still lagging. Because of this slowness in patching, the WordPress developer team added an auto-update feature for plugins and themes in WordPress 5.5. Site owners can configure plugins and themes to update themselves whenever a new version is released, ensuring their sites run the latest version and helping to prevent further attacks.
This article is owned by TechTimes. Written by Giuliano de Leon.