At the beginning of 2013 the exploitation of CMS systems such as Joomla and WordPress were on the rise, and the trend continues. Common setups and non QA’d (Quality Assured) plug-ins combined with rapid development all contribute to make CMS the perfect target to exploit.
Packages like Joomla and WordPress (our focus) are popular because of their ease of use. This ease of use and rapid plug-in development doesn’t come without some inherent hidden dangers.
Once identified, vulnerabilities in one of these popular CMS systems are normally an “exploit once, repeat many” approach. Hence, websites with these vulnerabilities are taken advantage of and utilized quickly by corrupt cyber criminals, generally for the following reasons:
- Wide spread use of the software – More than 50% of WordPress installations are considered to have an exploit according to various research.
- The standardization and automation ability – From an attackers perspective this is a quick way to expand his BOT net.
There are two main parties affected by such a security breach, the website and the website’s visitors.
The main use of this WordPress software is in the SMB (Small business) bracket. This is most likely due to the fact that WordPress is an easy to use and feature rich CMS system, which can be used without being technically adept. SMB businesses are not the only ones affected by this but are generally the least savvy with securing their website.
Users connecting to the exploited website will also become potential targets. The reason being, the attacker will likely leave malware embedded in the website and will try to infect each user connecting to it.
What’s the impact and why should In care?
The reason hackers and cybercriminals want to exploit your CMS system isn’t necessarily only to steal all your user accounts and data, but also to infect users (with malware) whom connect to the site. Once the unsuspecting user is infected with malware he is added to a BOT to be exploited at the malware commanders (Master of the BOT’s) will. This usually includes things like credit card theft, extracting private information or being activated to take part in a DDoS attack or other malicious activity.
IMPACT for WEBSITE owners who are HACKED:
- Being identified by Google and other software as a malicious site which leads to a drop in traffic
- Decline in sales
- Loss of customer confidence
- Potential lawsuits
- Time loss
IMPACT for USERS infected with MALWARE:
- Financial loss
- Privacy loss
- Potential identity theft
- Time loss
No matter how large or small your business is, if you are affected by any of the above, you will soon have a serious crisis management situation!
HOW to prevent being an EASY TARGET!
Security is getting the basics right. If you only do one thing to harden your CMS system, do the following:
- FOLLOW the VENDORS guidelines on SECURITY hardening
By following the default recommendations on hardening you particular CMS (Below are 2 popular CMS systems), you avoid being an EASY TARGET:
The default recommended guidelines from any CMS vendor normally include the following tasks:
- Changing default usernames and passwords
- Disable debugging
- Remove unnecessary installation files and change permissions on system files
- Remove unnecessary information Disclosure
- Protect various files and directories
- Keep your software and plug-ins up to date
Even though the above seems trivial obvious, thousands of systems worldwide do not implement this. This was noted earlier this year in yet another malware outbreak; “Fort Disco” successfully exploited at least 25000 Windows (Users) machines and over 6000 websites!
By following these relatively simple to implement steps given above combined with a couple of hours of your time, you will significantly increase the security posture of your website.
It’s not only expensive pieces of hardware like Firewalls, Web Application firewalls (WAF’s), Intrusion prevention systems (IPS) that increase your security. With these steps implemented the hacker is more likely to move on to another more easily exploitable system.
The best way to make sure you don’t fall victim to this and other similar more advanced security issues is to have regular “VULNERABILITY SCANNING” done on your website. This gives you peace of mind and saves you valuable time and money in knowing that you will not be the EASY TARGET!