Attackers Targeting Abandoned and Barely Maintained Websites for Phishing
Introduction
According to a study by cybersecurity firm Kaspersky, attackers are increasingly targeting abandoned and poorly maintained websites to host phishing pages. The study found that phishers often focus on WordPress sites due to the high number of vulnerabilities in the widely used content management system and its plugins. As a result, thousands of compromised WordPress websites have been used to host phishing pages, leading to a significant number of attempted visits by users.
The Scope of Compromised Websites
Between mid-May and the end of July, researchers at Kaspersky identified 22,400 unique WordPress websites that had been compromised by threat actors. These websites included both those that provided open access to the control panel and those that were breached through vulnerability exploits and credential theft. Kaspersky detected over 200,000 attempts by users to access phishing pages hosted on these compromised websites. The report highlights that hackers target both neglected and actively maintained websites, with a preference for smaller websites that may not immediately detect their presence.
The Success of Phishing as an Attack Vector
Phishing continues to be one of the most popular methods for attackers to gain initial access because of its proven success rate. The key to this success lies in the ability of attackers to create convincing websites and pages that users trust enough to share their credentials and sensitive information. In order to improve their deception, phishing operators often leave a compromised website’s main functionality intact while publishing phishing pages in new directories that are not accessible through the website’s menu.
Long Neglected Websites and Extended Attack Lifecycles
Long neglected websites are particularly attractive to attackers as phishing pages can remain active on them for extended periods. This is especially significant given the relatively short lifespan of typical phishing pages. Kaspersky’s previous analysis showed that 33% of phishing pages became inactive within a single day of going live, with many becoming inactive within the first few hours. Attackers find compromising abandoned websites easy due to the security vulnerabilities present in the environment. In the case of WordPress sites, thousands of vulnerabilities were disclosed in the past year alone, including cross-site scripting, authorization bypass, SQL injection, and information disclosure.
Attack Techniques and Implications
Once an attacker gains access to a WordPress site via a vulnerability, they often upload a WSO Web shell, which grants them complete remote control over the website. Attackers then proceed to break into the compromised website’s admin panel and add fake pages to it. They use the control panel to store stolen credentials, bank card data, and other sensitive information that users may be tricked into entering on the website. When access to the control panel is left open, anyone on the internet can gain access to this data.
Advice for Website Operators
Kaspersky has provided some tips for WordPress website operators to identify if their website has been hacked and is being used to host phishing pages. Regular monitoring of website logs, installation of security plugins, and timely updates of WordPress and its plugins are crucial to maintaining website security. Implementing two-factor authentication and strong passwords for admin accounts can also significantly reduce the risk of unauthorized access.
Conclusion
The increasing targeting of abandoned and poorly maintained websites for hosting phishing pages highlights the need for improved website security and maintenance practices. Website owners must prioritize regular updates, strong passwords, and the use of security plugins to protect themselves and their users from cybercriminals. As phishing attacks continue to evolve and become more sophisticated, staying vigilant and proactive in maintaining website security is of utmost importance in the age of online threats.
Keywords: Cybersecurity, WordPress, Cybercrime, Phishing, Website Security, Abandoned Websites, Online Threats, Internet Security, Hacking, Data Breach
<< photo by Mati Mango >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- Advancing Equality in CyberSpace: WiCyS Empowers Women in Fifth Annual Virtual Career Fair
- Why Locking Down APIs is Crucial for Preventing Data Breaches
- Declining Russian Clout: Implications of the Russian-African Security Gathering
- Exploring the Enhanced Features of NIST Cybersecurity Framework 2.0
- Colorado Health Agency’s Moveit Hack Stuns with Impact on 4 Million – An Editorial Examination
- Q&A: The Power of Collaboration in Combating Cyber Scammers
- The Global Battle Against Cybercrime: Interpol Takes Down ’16shops’
- The Rise of QwixxRAT: Unleashing a New Era of Remote Access Trojan Attacks
- 800,000 Sites Vulnerable: Exploring the Multiple Flaws Uncovered in Ninja Forms Plugin
- WooCommerce Vulnerability Exposes Countless Websites to Potential Attacks
- Mozilla Introduces Innovative Feature to Safeguard User Security by Blocking Risky Add-Ons on Specific Websites
- Unraveling the Weave: Safeguarding Your Identity Against Threats
- Why Browser Security Must Evolve to Combat Sneakier Phishing Attacks
- The Rise of Cyberattacks: Hawaii’s Gemini North Observatory Targeted and Suspended
- Why Shellshock’s Longevity Makes It an Ongoing Cybersecurity Menace
- Apple Strikes Back: New Rules to Combat Fingerprinting and Data Misuse
- Why MikroTik RouterOS Vulnerability Puts 500,000 Devices at Risk of Hacking
- Preparing for the Next Frontier: US Cyber Safety Board to Assess Cloud Attacks
- The Alarming Consequences of the Cl0p MOVEit Breach: Massive Health Data Theft in Colorado
