UPDATED 08:01 EST / APRIL 08 2015


Allahu Akbar: FBI warns WordPress installs being targeted by Islamic State supporters

The Federal Bureau of Investigation (FBI) has posted an official warning to users of Automattic Inc.’s WordPress content management system (CMS) to make sure their installs are up-to-date following repeated cases of the Islamic State (also known as ISIL and ISIS) hacking un-updated WordPress blogs.

The warning states that defacements have affected sites and communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites.

The FBI adds that while the defacements demonstrate low-level hacking sophistication, they are disruptive and may be costly in terms of lost business revenue, as well as the cost to repair systems that have been hacked.

Tech specs

 

Although not specifically detailing which parts of WordPress installs are vulnerable, the Bureau does say that plugins could allow “malicious actors” to take control of an affected system.

Successful exploitation of the vulnerabilities is said to potentially result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers.

Although the attacks currently result primarily in website defacements with pro-Islamic State (and related entities) messages, it is further warned that an attacker could install malicious software, manipulate data, or create new accounts with full user privileges for future Web site exploitation.

On the (somewhat) positive side, the FBI says that it doesn’t believe that WordPress blogs are being targeted by the Islamic State directly, but rather by those who are sympathetic to the rampage, murder, and medieval level of barbarity currently occurring in Syria and Iraq.

“These individuals are hackers using relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered,” the warning notes.

Naturally, if you are running a self-hosted install of WordPress, the advice is, as always, to practice safe internet.

Make sure your WordPress install is up-to-date, and then check to see if your plugins are as well. If you’ve purchased plugins privately that aren’t available through the WordPress.org website, check back with the sites you have purchased them from to see if there are any new updates, as some often won’t warn you through the WordPress console that an update is available, let alone recommended for security reasons.

