ISIS Exploiting WordPress Vulnerabilities

On April 7th, 2015, the FBI reported that numerous Web site defacements have been perpetrated by ISIS sympathizers. The affected Web sites include news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites.

Hackers exploited known WordPress plug-in vulnerabilities, which allowed them to take control of an affected system.

Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation.

The FBI found the methods used to exploit the technical vulnerabilities to be pretty unsophisticated and easily available through basic hacking tools.

All of the following hacks can be avoided by establishing and practicing proper IT security policies that include regularly applying security patches and hardening all public-facing and mission-critical systems based on industry-accepted hardening standards.