fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

WordPress Sites are Being Hacked in Fake Ransomware Attacks

WordPress Sites are Being Hacked in Fake Ransomware Attacks

A new wave of attacks starting late last week has hacked close to 300 WordPress sites to display fake encryption notices, trying to trick the site owners into paying 0.1 bitcoin for restoration.

These ransom demands come with a countdown timer to induce a sense of urgency and possibly panic a web admin into paying the ransom.

While the 0.1 bitcoin (~$6,069.23) ransom demand is not particularly significant compared to what we see on high-profile ransomware attacks, it can still be a considerable amount for many website owners.

Also Read: How often should you pen test?

Bogus site encryption message
Bogus site encryption message
Source: Sucuri

Smoke and mirrors

These attacks were discovered by cybersecurity firm Sucuri who was hired by one of the victims to perform incident response.

The researchers discovered that the websites had not been encrypted, but rather the threat actors modified an installed WordPress plugin to display a ransom note and countdown when 

WordPress plugin used to display ransom notes and countdown
WordPress plugin used to display ransom notes and countdown
Source: Sucuri

In addition to displaying a ransom note, the plugin would modify all the WordPress blog posts and set their ‘post_status’ to ‘null,’ causing them to go into an unpublished state.

As such, the actors created a simple yet powerful illusion that made it look as if the site had been encrypted.

By removing the plugin and running a command to republish the posts and pages, the site returned to its normal status.

Also Read: What is a data protection officer? Through the lens of a Master DPO

Upon further analysis of the network traffic logs, Sucuri found that the first point where the actor’s IP address appeared was the wp-admin panel.

This means that the infiltrators logged in as admins on the site, either by brute-forcing the password or by sourcing stolen credentials from dark web markets.

This was not an isolated attack but instead appears to be part of a broader campaign, giving more weight to the second scenario.

As for the plugin seen by Sucuri, it was Directorist, which is a tool to build online business directory listings on sites.

Sucuri has tracked approximately 291 websites affected by this attack, with a Google search showing a mix of cleaned-up sites and those still showing ransom notes.

All of the sites seen by BleepingComputer in search results use the same 3BkiGYFh6QtjtNCPNNjGwszoqqCka2SDEc Bitcoin address, which has not received any ransom payments.

Protecting against site encryptions

Sucuri suggests the following security practices to protect WordPress sites from being hacked:

  • Review admin users on the site, remove any bogus accounts, and update/change all wp-admin passwords.
  • Secure your wp-admin administrator page.
  • Change other access point passwords (database, FTP, cPanel, etc).
  • Place your website behind a firewall.
  • Follow reliable backup practices that will make restoration easy in the case of a real encryption incident.

As WordPress is commonly targeted by threat actors, it is also important to make sure all of your installed plugins are running the latest version.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us