Researchers find malicious plugins on 25,000 WordPress sites – SiliconANGLE News

UPDATED 19:11 EDT / AUGUST 29 2022
by Duncan Riley
A new study from Georgia Institute of Technology researchers has found malicious plugins installed on some 25,000 WordPress websites.
The researchers analyzed backups from over 400,000 web servers and, using a plugin-analysis framework they built named “YODA,” found 47,337 malicious plugins across 24,931 unique WordPress sites. Every compromised website in their dataset had two or more infected plugins, and 94% of the malicious plugins were active.
Using YODA, the researchers could also trace the malicious plugins back to their source, Georgia Tech’s College of Computing reported Aug. 26. Some were being sold on the open market or distributed through pirating sites; others were benign when installed and had malicious code injected afterward, with an attacker exploiting a vulnerability to infect the site, in most cases after the plugin had already been added to WordPress.
In some cases, the malicious plugins were found to be impersonating benign plugins offered through legitimate marketplaces, sometimes as a trial option on paid plugin sites.
The malicious plugins were also found to attack other plugins on the same WordPress server to spread the infection. The most common infection routes were this cross-plugin infection and the exploitation of existing vulnerabilities.
The researchers noted that while the malicious plugins can be damaging, owners can take action, such as purging the malicious plugins and reinstalling malware-free versions that have been scanned for vulnerabilities.
“If an organization absolutely must utilize WordPress, plugins should be thoroughly vetted by experienced development and security teams before being utilized in a production environment,” Cory Cline, senior cybersecurity consultant at application security provider nVisium LLC, told SiliconANGLE. “This is made easier thanks to the fact that WordPress plugins are all written in PHP and can have their source code reviewed at will by anybody who wishes to do so.”
Cline added that the impact of implementing a WordPress plugin that has not been properly vetted could be nonexistent if the plugin is not malicious and does not contain any known vulnerabilities. “However, a malicious WordPress plugin could ultimately lead to a full takeover of any affected WordPress instances,” he said.
Sounil Yu, chief information security officer at cyber asset management and governance solutions provider JupiterOne Inc., noted that this is a problem not only with WordPress but with any software that leverages plugins, integrations and third-party applications, or PITAs.
“Vetting PITAs is problematic because there are thousands of these PITAs with no clear provenance, testing results, or data flow diagrams,” Yu explained. “Security teams have rudimentary approaches, most often giving a cursory look. Similar to app stores managed by Apple and Google, more vetting needs to be done by the marketplaces to ensure that malicious PITAs do not create problems for their customers.”