According to security researcher Daniel Cid, at least 15,769 WordPress websites have been compromised this year by cyber-attackers who were able to evade Google’s Safe Browsing checks.
WordPress is the most popular content management system in the world, used by consumers and businesses to create and publish blogs. To conduct the research needed for the second 2016 Sucuri report on compromised web properties, 21,821 sites were studied with the majority of them using WordPress to manage and publish their content. The report also found that 3099 Joomla! sites were hacked during that time as well.
Almost three quarters of the compromised sites in the Sucuri report all shared one characteristic, they were backdoored. By placing a backdoor on these sites, hackers gained a new way of loading malicious payloads, targeting visitors and in the future these same sites could be used for further attacks.
Backdoors are often quite difficult for web integrity scanners to detect which makes them a useful tool for hackers. Google was able to blacklist 52 percent of the compromised sites found while Norton Safeweb managed to find 38 percent and McAfee SiteAdvisor found only a disappointing 11 percent of the hacked sites.
Cid offered further insight into these compromised sites, saying: “A hacked site can have multiple files modified with different families of malware in them. It depends on the attacker’s intent or goal in how they plan to leverage their new asset. This report confirms what is already known; vulnerable software continues to be a problem and is the leading cause of today’s website hacks”.
Hackers first gained access to a number of the compromised sites through poorly secured extensions but over half of the WordPress sites were hacked as a result of a content management system that did not receive regular updates.
By Anthony Spadafora