Over 15,000 WordPress websites have been compromised by a new malicious campaign that redirected visitors to bogus Q&A portals. “These malicious redirects appear to be designed to increase the authority of the attacker’s sites for search engines,” stated Sucuri researcher Ben Martin, calling it a “clever black hat SEO trick.” A threat actor created the malicious search engine technique to drive traffic to a “handful of fake low quality Q&A sites.” On average, hackers modified over 100 files per website during the campaign. This method differs significantly from prior attacks of this type, where only a smaller number of files were modified to leave a smaller digital trace to avoid detection. The most frequently infected pages consist of wp-signup.php, wp-cron.php, wp-links-opml.php, wp-settings.php, wp-comments-post.php, wp-mail.php, xmlrpc.php, wp-activate.php, wp-trackback.php, and wp-blog-header.php.
12 Essentials for a Successful SOC Partnership
Binary Defense
January 12, 2023
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security
