16,000 WordPress Websites Compromised

This week we hear how 16,000 WordPress websites were compromised and that the iSpy keylogger is on sale for $25.

Breach

16,000 WordPress Websites Compromised

WordPress, the most popular content management system in the world, continues to account for the largest number of infected websites. Approximately 16,000 websites have been compromised this year alone. The majority of the websites breached, about three quarters of them, were backdoored, meaning hackers gained a new way of loading malicious payloads, targeting visitors and using the websites for other attacks. However, hackers also commonly take advantage of out-of-date software, and researchers found that WordPress installations were out of date 55% of the time.

References: 16,000 WordPress Sites Have Been Hacked | Safe Browsing Checks Fail as 16,000 WordPress Sites Hacked This Year | Hackers Compromise Nearly 16,000 WordPress Websites

 

Mitigation Strategies:

  • Web application protection to detect suspicious web traffic
  • Security Operations Center team to provide 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection
  • Log management could detect any suspicious user account activity
  • Vulnerability scanner to identify any potential vulnerabilities in the environment

Malware

iSpy Keylogger on Sale for $25

A new keylogger, iSpy, is available for sale on the dark web for $25, $35 or $45, depending on which package you want. It captures keystrokes and passwords stored in web browsers, records Skype chats, takes webcam screenshots and steals the license keys of software such as Microsoft Office and Adobe Photoshop. Like many other malware tools, iSpy is distributed as a malicious attachment in spam email. In addition, it supports features designed to make it difficult to detect and delete.

References:  iSpy Keylogger Can Be Leased For The Low, Low Price Of $25 | iSpy Keylogger Targets Passwords, Skype, Webcams | Zscaler Warns Of New iSpy Commercial Keylogger

Mitigation Strategies:

  • Mail filtration would scan incoming files and hyperlinks for malicious links or code
  • Web filtration to prevent users from reaching malicious websites
  • Anti-virus would detect file infection on the local host
  • FIM solution would detect any type of file modification or addition

Top 20 Malicious IP Addresses


*IP addresses provided by Recorded Future.