A group of hackers claiming to be affiliated with ISIS have been targeting WordPress plugins to gain access to user's websites. Hackers have been taking advantage of plugins that leave unchecked gaps in the content management system through a handful of the 37,000 third party-created plugins. As a result, they have been able to gain entry into government and commercial websites, as well as those of religious groups and news organizations.
FBI officials stated that the low-sophistication level of this cyberattack as supporting evidence that ISIS isn't truly involved most likely. But that doesn't take away from the fact that it is an issue that could lead to frustrations for victims given the revenue loss that could come as a result of website blackouts or paying for system repairs to remove any malware.
Two plugins have specifically been named as high-risk for the recent hacks, RevSlider and GravityForms. But specialist stated that this can easily be resolved by updating the plugins to their most recent versions, where no cybersecurity gaps have been found yet.
Cybersecurity news and analysis brought to you by ArcticWolf, inventors of firebreak detection and response security services. FireBreak, when your firewall fails.