The FBI has warned of an ongoing cyber campaign by individuals sympathetic to the Islamic State in the Levant (ISIL), targeting a range of different websites, using known vulnerabilities in WordPress.
The bureau warned that the defacements have affected Website operations and the communication platforms of news organisations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Websites.
It seems that the hackers are exploiting WordPress CMS plug-in vulnerabilities. These flaws can allow attackers to take control of an affected system, gain unauthorised access, bypass security restrictions, inject scripts, and steal cookies from computer systems or network servers.
“An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation,” warned the bureau.
The FBI urged firms to apply the available software patches to plug these identified vulnerabilities. Meanwhile it seems that the ISIL defacement of WordPress websites is not the only problem at the moment.
The FBI also issued an alert for an unrelated matter, warning that criminals are hosting fraudulent government Websites in a effort to collect personal and financial information from unwitting Web users.
“Victims use a search engine to search for government services such as obtaining an Employer Identification Number (EIN) or replacement social security card,” said the FBI. “The fraudulent criminal websites are the first to appear in search results, prompting the victims to click on the fraudulent government services website.”
Earlier this year, social media accounts linked to the US military suffered a cybersecurity attack from hackers claiming to support the terrorist Islamic State militant group.
The @CENTCOM Twitter account, representing the US command that oversees operations in the Middle East, was hacked and defaced with messages praising Islamic State.
US President Barack Obama recently created a new sanctions scheme after he signed an executive order that classified malicious cyber attacks as a “national emergency”.
This means that the US Treasury now has the power to freeze assets and bar other financial transactions of entities engaged in cyber attacks. Hackers who conduct commercial espionage in cyberspace can now be listed on the official sanctions list of specially designated nationals.
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…