HomeNewsLarge scale attack campaign targets WordPress sites’ database credentials
News

Large scale attack campaign targets WordPress sites’ database credentials

Amaya Paucek
By Amaya Paucek
0
515
If you purchase via links on our reader-supported site, we may receive affiliate commissions.
database credentials web application firewall
spot_img

There have been reports that hackers tried to download configuration files from sites using WordPress to steal their database credentials.

Wordfence, a provider of web application firewall services (WAF) reported that about 130 million attacks directed at harvesting database credentials from 1.3 million sites by downloading their configuration files were blocked by Wordfence Firewall.

“The attack was started by hackers since 30th of May 2020 becoming the peak of the attack campaign having recorded about 75% of the total attempt at exploiting the theme and plugin vulnerabilities all through the WordPress environment.” This was stated by Ram Gall, Wordfence QA engineer.

He emphasized the fact that the attacks were executed from a network of 20,000 different IP addresses with most having been previously deployed in an earlier large-scale campaign that also targeted WordPress sites early last month.

The earlier campaign similar in size saw the hackers deployed a batch of XSS (cross-site scripting) vulnerabilities and tried to attach malicious administrative users and backdoor on the targeted sites.

In a Wordfence-published report detailing part of a threat alert, it revealed that the config-jacking attacks are three times bigger than any other form of the attack recorded against WordPress sites. Both large-scale campaigns which are “considered” to be bigger than all other groups’ attacks put together are suspected to have been carried out by the same hacker.

Gall said, “the attack campaign aimed to use old exploits to export wp-config.php files from unpatched WordPress websites, extract database credentials from them, before using the usernames and passwords to hijack the databases.”

READ ALSO: WordPress malware pinpoints WooCommerce sites for Magecart attacks

The web application firewall services providers say that “Peradventure your server is configured to grant remote database access, a hacker with access to your database credentials can effortlessly add an administrative user to either siphon or delete vital data from your site”.

SecureBlitz advises that you get to change your database password by contacting your host company even if your site does not grant remote database access to avoid getting your sensitive data tampered with by an attacker that has gained access to your database credentials.

RELATED POSTS

WordPress Hardening: 7 Ways to Harden your Website Security

Most Dangerous Websites You Should Avoid in 2020

Hacker leaks over 23 million user data on Webkinz World

How to Secure Your WordPress Website from Hackers

5 Most Common WordPress Attacks in 2020

Delete Me
iolo system mechanic

Subscribe to SecureBlitz Newsletter

* indicates required
Previous article
Risks Of Cryptojacking In Mobile Devices
Next article
Android releases June 2020 Patches for Critical RCE vulnerabilities
Amaya Paucek
Amaya Paucek
Amaya Paucek is a professional with an MBA and practical experience in SEO and digital marketing. She is based in Philippines and specializes in helping businesses achieve their goals using her digital marketing skills. She is a keen observer of the ever-evolving digital landscape and looks forward to making a mark in the digital space.
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

IMPORTANT LINKS

NAVIGATE

CONNECT

ABOUT US

SecureBlitz is an online media publication that covers tips, how-to advice, tutorials, the latest cybersecurity news, security solutions, etc. for cybersecurity enthusiasts.

Contact us: secureblitz @ gmail . com

FOLLOW US