Threat Intel Flash: Sisense Data Compromise: ARC Labs Intelligence Flash

Get the Latest


Previously Hacked WordPress Sites Being Used to Conduct Botnet Attacks

WordPress sites are being hunted by a botnet that is using over 20,000 previously compromised WordPress sites. When new sites become infected, they instantly become a part of the botnet and aid it in attempts to brute force logins on uncompromised sites. There have been five million authentication requests already blocked, and that number will continue to grow. This is an extensive scale attack where the previously-hacked sites carry out dictionary attacks on the sites that have yet to be infected. Utilizing this assault technique, the bots can perpetually attempt distinctive usernames and passwords until the point when the genuine code is distinguished, and the bot figures out how to break into a WordPress site. Fourteen thousand proxy servers are used to relay information through the servers and also list the targets for the bots to attack. Four C&C servers are used to deliver the commands to the bots and the proxy servers belong to a host in Russia.

Analyst Notes

Protecting a WordPress site can be a rigorous task because it involves more than just using a security plugin. A drawn-out strategy needs to be used. Use a security plugin that prevents brute-force and dictionary attacks due to the fact that XML-RPC service does not have the ability to get by the plugins, even with multiple attempts to do so.