Wordpress botnet attack could pave way for larger site takedowns

Cyber attack on blogging platform could have far-reaching effects, warn IT security experts.

Blogging

The fallout from the Wordpress cyber attack could have far-reaching repercussions, as security experts fear the perpetrators could seize on compromised accounts to spread malicious material.

The blogging platform has reportedly been hit by a "brute force" attack that targets the Wordpress administration portal and tries to log into accounts with the username "admin" by trying thousands of passwords.

A botnet is thought to have been employed to carry out the attack, as tens of thousands of unique IP address have been recorded trying to hack into Wordpress installs.

Wordpress founder Matt Mullenweg, said admin' had been the default username for many users until the introduction of a newer version of the site several years ago.

"If you still use admin' as a username on your blog, change it, use a strong password, if you're on WP.com turn on two-factor authentication, and make sure you're up-to-date on the latest version of Wordpress," he wrote in a blog post.

Blog writers should use strong passwords to protect their accounts and their users, whom they have a responsibility to protect.

"Do this and you'll be ahead of 99 per cent of sites out there and probably never have a problem."

Hosting provider CloudFlare said the attack could pave the way for a larger one later down the line.

"One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack," said the company in a blog post.

"These larger machines can cause much more damage in DDoS (Distributed Denial of Service) attacks because the servers have larger network connections and are capable of generating significant amounts of traffic," it continued.

Olli-Pekka Niemi, vulnerability expert at network security vendor Stonesoft, said the attackers could also gain access to people's accounts to carry out further attacks.

"By compromising Wordpress blogs, attackers may be able to upload malicious content and embed this into the blog. When readers visit the blogs in question they would then be subject to attack, come under compromise and develop into botnets," Niemi warnd.

"Blog writers should use strong passwords to protect their accounts and their users, whom they have a responsibility to protect."

Meanwhile, Matt Middleton-Leal, UK and Ireland regional director security vendor Cyber-Ark, said there is a risk that once cracked these Wordpress login credentials could be used to gain access to other sites.

"If Wordpress users have been targeted in this attack, they should change their username and password details for their Wordpress account, but also for any other accounts for which they use the same credentials," said Middleton-Leal. 

"This is especially critical if the same details are used for work purposes, as protecting these details is essential when it comes to securing what really matters within an organisation."

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020
Sophos warns customers of potential data leak
Security

Sophos warns customers of potential data leak

26 Nov 2020
Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron
Security

Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron

26 Nov 2020
Egregor ransomware could take up where Maze left off
Security

Egregor ransomware could take up where Maze left off

26 Nov 2020

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020