FakeUpdates Malware Campaign Targets WordPress – Millions of Sites at Risk

WordPress websites are under attack! FakeUpdates malware exploits vulnerabilities and injects malicious code. LockBit3 dominates the world of ransomware. Web server flaws leave organizations exposed. Experts advocate strong security and zero tolerance for cyber threats.

As of March 2024, approximately 835 million websites are utilizing the WordPress Content Management System (CMS). This vast presence makes WordPress an extremely lucrative target for cybercriminals.

To highlight the ongoing threats to WordPress, according to the February 2024 Global Threat Index released by Check Point Software Technologies Ltd., this week, researchers have uncovered a fresh wave of cyber threats including malware attacks aimed at WordPress websites.

The campaign, identified as FakeUpdates or SocGholish, involved compromising WordPress sites through hacked admin accounts. The malware employed various tactics, including modified versions of legitimate WordPress plugins, to infiltrate websites and deceive users into downloading a Remote Access Trojan.

Despite efforts to combat it, FakeUpdates has persisted since at least 2017, posing a significant threat to website security. Some of the attack’s examples are previously identified incidents targeting products like Windows and Chrome browsers.

In the attack, the malware primarily targets websites with content management systems, aiming to trick users into downloading malicious software. Associated with the Russian cybercrime group Evil Corp, FakeUpdates is believed to generate revenue by selling access to infected systems.

As per the research shared with Hackread.com ahead of publication on Monday, Maya Horowitz, VP of Research at Check Point Software, emphasized the importance of protecting websites from cyber threats.

She highlighted the critical role websites play in modern society and the potential consequences of malware attacks on online presence and reputation. Horowitz stressed the need for proactive measures and a zero-tolerance approach to cybersecurity threats.

LockBit and Ransomware

Check Point’s Global Threat Index also revealed insights into ransomware activities, including data from approximately 200 ransomware “shame sites” operated by double-extortion ransomware groups.

Lockbit3, despite its shutdown, not only returned also but remained the most prevalent ransomware group in February, responsible for 20% of reported incidents. Play and 8base followed closely, with 8% and 7% of incidents, respectively. Play, which entered the top three for the first time, was responsible for a recent cyberattack on the city of Oakland.

Additionally, the report highlighted the most exploited vulnerabilities globally in February. The “Web Servers Malicious URL Directory Traversal” vulnerability affected 51% of organizations, followed by “Command Injection Over HTTP” and “Zyxel ZyWALL Command Injection,” each impacting 50% of organizations.

Protect Your WordPress Website

Here are 6 important tips to protect your WordPress website:

Strong Login Credentials:

Always use a strong and unique password for your WordPress admin account. Avoid using easily guessable information like your name, birthday, or pet’s name. Consider using a password manager to generate and store strong passwords for all your online accounts. Enable two-factor authentication (2FA) for an extra layer of security. This requires a second verification code, typically sent to your phone, in addition to your password when logging in.

Regular Updates:

Regularly update your WordPress core, themes, and plugins. Updates often contain security patches that address newly discovered vulnerabilities. You can enable automatic updates in the WordPress dashboard to ensure your website stays up-to-date.

Security Plugins:

Consider installing a security plugin to add additional layers of protection to your website. These plugins can help monitor your website for malware, block suspicious activity, and protect against brute-force login attempts.

Backups:

Regularly back up your website files and database. This will allow you to restore your website to its previous state if it is compromised by a cyberattack. There are several plugins available that can automate the backup process.

Limit User Access:

Only grant users the minimum level of access they need to perform their tasks. For example, if a user only needs to edit blog posts, there is no need to give them administrator privileges.

Secure Hosting Provider:

Choose a reputable web hosting provider that prioritizes security measures. While choosing a hosting service, always look for features like the following:

Regular security audits and vulnerability assessments. Automatic malware scanning and removal. Firewalls and intrusion detection systems. Secure data centres with physical and digital access control.

RELATED TOPICS

Fake Lockdown Mode Exposes iOS Users to Malware Attacks Fake Skype, Zoom, Google Meet Sites Infect Devices with RATs The Fake Fix: New Chae$ 4.1 Malware Hides in Driver Downloads Hackers on WordPress Websites Hacking Spree with Balada Malware Fake Resumes, Real Malware: TA4557 Exploits Recruiters for Backdoor