20
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
Hundreds of thousands of WordPress websites were targeted over the course of 24 hours in a large scale cyberattack with the aim of harvesting database credentials.The cybercriminals behind the attack were attempting to download the wp-config.php configuration files from users WordPress sites as they contain valuable information including database credentials, connection info, authentication unique keys and salts.They tried to exploit known cross-site scripting (XSS) vulnerabilities in WordPress plugins and themes installed on users' sites as a means to gain access to their credentials with the end goal of completely taking over their sites.In a blog post, QA engineer and threat analyst Ram Gall provided further insight on the sheer scale of the campaign, saying:Between May 29 and May 31, 2020, the Wordfence Firewall blocked over 130 million attacks intended to harvest database credentials from 1.3 million sites by downloading their configuration files.
The peak of this attack campaign occurred on May 30, 2020.
At this point, attacks from this campaign accounted for 75% of all attempted exploits of plugin and theme vulnerabilities across the WordPress ecosystem.Security researchers at Wordfence were able to link this campaign to another large-scale attack that began on April 28 by analyzing the 20,000 different IP addresses used in this latest attack.In the previous campaign, the threat actor the company tracked tried to plant backdoors or redirect visitors to malvertising sites by exploiting XSS vulnerabilities in plugins that had been patched but had yet to have been updated by WordPress site owners.In just one day on May 3, the attackers behind these campaigns managed to launch over 20m attacks against more than half a million sites.As is often the case, WordPress site owners can defend against these types of attacks by ensuring that all of the plugins and themes installed on their sites have been updated to the latest version and by applying and patches released by their creators.
Additionally, they should delete or disable outdated themes and plugins that have been removed from the official WordPress repository since they are no longer being maintained.Via BleepingComputer
