Researchers from Imperva released a report about the KashmirBlack botnet, which has grown significantly over the last six months and is now capable of attacking thousands of websites per day. The botnet targets websites running unpatched Content Management Systems (CMS) including WordPress, Joomla and Drupal, Magento and vBulletin—taking control of those sites by exploiting known vulnerabilities to install crypto-mining malware and redirect website visitors to malicious URLs or advertising. Some of the vulnerabilities exploited include WordPress xmlrpc.php login brute-force attack, Magento local file inclusion (CVE-2015-2067), vBulletin Widget RCE (CVE-2019-16759). Some of the vulnerabilities are many years old, and all have patches available to mitigate them. The problem is that so many websites are set up and then abandoned or never patched again.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.