Comments On Thousands Of WordPress Sites Hacked To Fuel Scam Campaign

According to security researchers, over 2,000 WordPress sites have been hacked to fuel a campaign that redirects visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. Security firm Sucuri detected this hacking campaign last week. Some of the vulnerable plugins seen being exploited are the “CP Contact Form with PayPal” and the “Simple Fields” plugins.


EXPERTS COMMENTS
James McQuiggan, Security Awareness Advocate, KnowBe4
January 24, 2020
Organizations that face these types of attacks should have a well-documented backup.
An organization's "front door" is their website and a target for criminals as they attempt to gain access to install malicious code and malware for all who visit their website. The security for the website should be extremely robust with a well-documented and repeatable change control program, including regular patching. Organizations using plugins need to verify all updates and test them to red ....
Mike Bittner, Associate Director of Digital Security and Operations, The Media Trust
January 24, 2020
While this arrangement may have worked in the past, the passage of the CCPA has shaken up the industry.
Campaigns that redirect users of legitimate sites to scam sites underscore the problems with relying on digital third parties. While digital third parties provide much-needed support to websites that must meet the growing demands of website users, they also expose site owners and users to security and privacy risks. The code they run on today's websites lies outside the website owners' perimeter. A ....
Ameet Naik, Security Evangelist, PerimeterX
January 23, 2020
WordPress plugins are another example of third-party risks to websites, and have been a frequent target in the past. A single compromised plugin can infect tens of thousands of websites in one stroke, hence they remain a popular attack vector. The technique seen in this attack is very similar to what we see with Magecart attacks where additional scripts are loaded from malicious domains. These scr ....