WordPress Exploit Leads to Hacking of Over a Million Websites

Media Division | February 24, 2017

When it comes to cyber attacks, a single vulnerability can lead to a multitude of disastrous consequences for systems.  A vulnerability that goes unnoticed or unaddressed for a length of time can continue to be exploited.  In a recent event, an undisclosed critical vulnerability in the WordPress content management system (CMS) led to around 1.5 million websites being hacked and defaced over the past few weeks.  Victims included a multitude of law firms and many other types of organizations.

How The Massive Hacking Came About

The series of hacks began after WordPress released the newest version of the website platform three weeks ago.  Version 4.7.2 was pushed live, and administrators were encouraged to update “as a matter of urgency,” without any other specific details.  The next week, WordPress stated that the update had patched an “undisclosed critical vulnerability,” and claimed that it had withheld the details so that administrators had time to update their platform before hackers could attempt to exploit it.  News of the critical vulnerability, however, incited a multitude of hackers to find and exploit the sites that had not updated.

Apparently, an extremely large number of administrators had not updated their sites, as shown by the large number of sites that began to be hacked.  According to reports, the hack did not allow access to sensitive information or data, but it did allow the perpetrator to deface the websites that were breached.  The most common method appeared to be scanning for websites running the previous version of the platform, stripping the content from those sites, and replacing it with text stating “Hacked by (name).”  The names varied widely, as a massive number of hackers appeared to be exploiting this vulnerability, in some cases even competing to compromise the un-updated sites.  There were cases of a single name having hacked hundreds of thousands of websites.  According to a report from ThreatPost, which spoke to WordFence CEO Mark Maunder, “More than 350,000 pages have been defaced by one campaign alone according to Maunder. The campaign, dubbed MuhmadEmad, drops a file, krd.html, on the site and in most instances, defaces the homepage to display the flag of Kurdistan. Beneath the flag, in Comic Sans, reads the text ‘KurDish HaCk3rS WaS Here.’”

While this exploit did not allow the perpetrators to access any valuable or privileged data, it shows that a single vulnerability can harm a range of organizations and operations.  It can also cause damage other than data or financial loss, such as the loss of reputation or trust in consumers’ eyes.  A consumer visiting the website of one of these organizations may be put off by the fact that the website has been hacked, and may take their business elsewhere.  Critical security patches and updates like this need to be implemented immediately, as being lackadaisical about them can lead to instances like the above.
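As an added example (not part of the original article), a site owner could audit an inventory of WordPress installs for the two signals described above: a version behind 4.7.2, and the defacement traces the article quotes. The inventory record format and the function names are assumptions made for this sketch, and the sample records are constructed.

```python
import re

PATCHED = (4, 7, 2)  # release the article says carried the fix
# Defacement text quoted in the article; matched case-insensitively.
# These are heuristics: a post that discusses a hack can also match.
MARKERS = [
    re.compile(r"hacked\s+by\s+\S+", re.I),
    re.compile(r"kurdish\s+hack3rs\s+was\s+here", re.I),
]
DROPPED_FILE = "krd.html"  # file the article says one campaign leaves behind

def parse_version(text):
    """Turn '4.7' or '4.7.10' into a 3-tuple so 4.7.10 sorts above 4.7.2."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def audit_site(site):
    """Return the findings for one inventory record (hypothetical format)."""
    findings = []
    try:
        if parse_version(site["version"]) < PATCHED:
            findings.append("behind 4.7.2")
    except ValueError:
        findings.append("version unknown")
    # Replace tags with spaces so text split across elements still matches.
    body = re.sub(r"<[^>]+>", " ", site.get("homepage", ""))
    if any(m.search(body) for m in MARKERS):
        findings.append("defacement text on homepage")
    names = [f.rsplit("/", 1)[-1].lower() for f in site.get("files", [])]
    if DROPPED_FILE in names:
        findings.append("krd.html present")
    return findings

def audit(inventory):
    """Map host -> findings, leaving out hosts with nothing to report."""
    results = {s["host"]: audit_site(s) for s in inventory}
    return {host: f for host, f in results.items() if f}

# Constructed sample inventory, not real sites.
INVENTORY = [
    {"host": "a.example", "version": "4.7.1",
     "homepage": "<h1>HaCkEd <b>By</b> someone</h1>", "files": ["index.php"]},
    {"host": "b.example", "version": "4.7.10",
     "homepage": "<p>Welcome</p>", "files": ["index.php"]},
    {"host": "c.example", "version": "4.7.2",
     "homepage": "<p>KurDish HaCk3rS WaS Here</p>", "files": ["/var/www/krd.html"]},
    {"host": "d.example", "version": "unknown", "homepage": "", "files": []},
]
```

A string comparison would rank "4.7.10" below "4.7.2"; the tuple comparison avoids flagging a newer install as outdated.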

Coming Back from A Breach With Online Reputational Management

Because attacks like this can heavily damage an organization’s standing or reputation with consumers, it is critical that the organization take immediate action to recover from a situation like this.  Fortunately, in many cases, reputational damage can be repaired, even if it may take some time to do so.  The alternative could potentially be a failing business if that reputation is never fixed in consumers’ eyes.  Massive Alliance can help your business to recover from a breach with thorough online reputational management services.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.