Every week, we read about another massive breach due to a cyberattack. These breaches can cost organizations millions of dollars, subject them to lawsuits, and ruin thousands of lives.
An attacker gains a foothold inside an organization's network by somehow gaining access to accounts and computers inside the firewall. This often happens through malware that's inadvertently brought inside the firewall by unsuspecting employees.
That malware can be delivered in a wide variety of ways, from phishing attacks where an insufficiently trained or careless user accidentally opens and runs an email attachment, to websites that download information onto an insider's computer when visited.
It's that second mechanism we're going to talk about today. When most of us think about malware-infested websites, we usually think about users who visit inadvisable websites, sites that, frankly, most of us should know better than to visit. Someone visiting a porn site or a smartphone jailbreaking site is, almost by definition, visiting a site that is likely to be operated for nefarious purposes.
But it turns out that a great many innocent websites can be carriers for malware. All it takes is an insufficiently protected directory, an unpatched vulnerability, a poorly chosen FTP password, or even a free (but corrupted) site theme, and your website can become an entry point for a massive malware infection.
What most people don't realize is how sophisticated and, frankly, user-friendly the tools used for cyberattacks can be. In this article, I've included a 10-minute video by the fine folks at Wordfence (a WordPress security firm) that shows how a typical WordPress site can be infected by just two lines of scripting code.
Once those two lines of code execute, they install a complete hacking toolkit that contains 43 separate hacking tools that the hackers can use to further compromise the server. As the video shows, these tools are often browser-based, and work like any other browser-based app.
According to a blog post by Wordfence, after analyzing a recently hacked site, they found what they called a hacking platform, which contained the following tools:
- Complete attack shells that let [hackers] manage the filesystem, access the database through a well-designed SQL client, view system information, mass infect the system, DoS other systems, find and infect all CMS's, view and manage user accounts both on CMS's and the local operating system and much more.
- An FTP brute force attack tool
- A Facebook brute force attacker
- A WordPress brute force attack script
- Tools to scan for config files or sensitive information
- Tools to download the entire site or parts thereof
- The ability to scan for other attackers' shells
- Tools targeting specific CMS's that let [hackers] change their configuration to host [their] own malicious code
The following video is only ten minutes long, but it shows you just how accessible hacking tools have become. With tools and hacking platforms like these, it might take attackers no more than about ten minutes to gain a complete hold on your site.
This video illustrates why it's just so important to update your sites, plugins, and themes frequently. Hackers who discover vulnerabilities can use them to get inside your site. Once they do, they can use your site as a malware delivery platform that can help them breach other sites and organizations.