On Tuesday, Researchers at the FBI continue to identify WordPress vulnerabilities as the door through which ISIS hackers are able to spread propaganda.The FBI said that the low-level attacks are from those seeking the notoriety of being associated with ISIS rather than hackers who are actually part of the organized group of Islamic State sympathizers.
Recently groups claiming to be associated with ISIS have attacked US Central Command social media accounts, US news outlets and dozens of random sites in March exploiting WordPress vulnerabilities in the JQuery FancyBox plugin.
The vulnerabilities can allow the hackers to gain unauthorized access, inject scripts or install malware on the affected sites.
According to an advisory published by the FBI’s Internet Crime Complaint Center. The attackers have hit news organizations, religious institutions, commercial and government websites.
The attackers voice support for ISIS, sometimes referred to as ISIL, “to gain more notoriety than the underlying attack would have otherwise garnered,” the FBI said.
A cross-site scripting vulnerability in the plugin could allow an attacker to add a new administrator to a site or inject a backdoor using WordPress’s theme edition tools. As many as a million WordPress sites use the plugin.
If you are using the WordPress Website, follow below mentioned scthe following steps.These are recommended by FBI.
- Review and follow WordPress guidelines:
http://codex.wordpress.org/Hardening_WordPress
- Identify WordPress vulnerabilities using free available tools such as
http://www.securityfocus.com/bid
http://cve.mitre.org/index.html
https://www.us-cert.gov/
- Update WordPress by patching vulnerable plugins:
https://wordpress.org/plugins/tags/patch
- Run all software as a non-privileged user, without administrative privileges, to diminish the effects of a successful attack
- Confirm that the operating system and all applications are running the most updated versions
