On Tuesday, the Federal Bureau of Investigation reported that hackers sympathizing to the Islamic State in the Levant (ISIL), a.k.a. Islamic State of Iraq and al-Shams (ISIS) are targeting WordPress plugin vulnerabilities.
The content management system promises that your site is well-protected on WordPress.com, “We monitor potentially harmful activity to ensure there is no unauthorized access to your content.”
Currently, 37,000 plugins exist for WordPress, and if one of them has security vulnerability, it could compromise a large number of websites.
The Attackers
ISIS sympathizers are believed not to be members of the ISIS terrorist organization. They are hackers using low-level defacements and utilizing the ISIL simply to gain more notoriety.
They have infected websites of news organizations, religious institutions, federal/state/local and foreign governments and many more, according to FBI. FBI also state that the level of the threats is not sophisticated, but they are enough to cause revenue loss and expenses for system repair to businesses.
The Vulnerabilities
Although some of the identified vulnerabilities already have software patches available, the exploitation of them allows cyber criminals to gain remote access of your system, inject malicious software, steal cookies, manipulate data and what not.
According to FBI, the utilized methods for defacements clearly show that the hackers are not targeting individual websites by name or business type. The only common thing among all victims is that they share the same plugin vulnerabilities which are easily exploited by commonly used hacking tools.