Luxury sports car maker Ferrari is in the news again after officially acknowledging that their website was exposed to cyber-attacks from hackers. In March 2023, researchers at cybersecurity company Char49 discovered a vulnerability in the ‘media.ferrari.com’ domain which is powered by WordPress and is running an outdated version of the plugin W3 Total Cache. The plugin has been installed on more than a million websites. The flaw CVE-2019-6715 could be exploited allowing cybercriminals to read arbitrary files. Hackers could then access information that is stored in the ‘wp-config.php’ file that holds WordPress database credentials in clear text.
According to Char49’s David Sopas, the attackers could have used the vulnerability to access other files on the web server, containing information that is of value to them. The security professionals at Char49 found that the vulnerability allowed them to obtain the ‘wp-config.php’ file which could allow an attacker to gain information connected to the media.ferrari.com domain. Sopas emphasized the risk to all websites, highlighting the significance of high-profile companies like Ferrari taking broad cybersecurity measures to ensure none of their systems are vulnerable.
Ferrari Becomes Vulnerable
In March 2023, Ferrari confirmed that they fell victim to a ransomware attack in which hackers stole customer data. After security professionals at Char49 stepped in, the weakness in the Ferrari website was addressed within a week. Both these incidents raise concerns about counterfeiters operating outside of Ferrari, selling counterfeit Ferrari products including clothing, accessories, and other merchandise. Experts believe that hackers can exploit vulnerabilities in various companies’ e-Commerce systems, such as the payment gateway, customer data exchange or access, and other internal data. In contrast, the recent Ferrari attack cannot be linked to the compromised customer data stolen in the ransomware incident.
Conclusions
In conclusion, it’s becoming evident that even high-end companies like Ferrari are vulnerable to hacking and the theft of data. The incident highlights the importance of implementing security protocols and best practices, namely, running system updates regularly, keeping software up to date with the latest versions, regularly testing the website’s defense measures, and performing comprehensive cybersecurity risk assessments.
Recommendations
The companies and WordPress administrators should keep reviewing their software and adopt a multi-layered defense system to help detect and prevent any vulnerability exploitation attempts. The high-profile organizations like Ferrari can be at high risk, as they attract much attention from attackers. Above all, companies should seek expert advice from cybersecurity firms to remain protected from various cybersecurity threats and hacks. Coordinated efforts from companies and industry experts could considerably decrease the numbers of systems that fall prey to cybercrime.
<< photo by Pixabay >>
