ƒ

HOME
Breaking News

WordPress sites compromised by Password-cracking botnet

by VARINDIA 2024-03-09
WordPress sites compromised by Password-cracking botnet

Denis Sinegubko, the cybersecurity researcher, has been keenly monitoring website hacking activities for quite some time, according to a report. He has recognized a shift from crypto wallet drainers to brute-force password-cracking attacks on WordPress sites. Why is this happening, what does it mean, and what can you, as an end user, do?

 

In February, Sinegubko in a blog discussed an increase in "web3 crypto malware," particularly malware used to inject crypto drainers into existing sites or use phishing sites for the same purpose.

  

The new attack methods function in a different way and utilize visitors' PCs for en masse password cracking attempts. This reason behind this is likely because it will take a very long time for the active "crypto drainers" to actually turn a profit, if they even manage to do so before getting blocked.

 

 As Sinegubko says, "This is how thousands of visitors across hundreds of different websites unknowingly and simultaneously try to bruteforce thousands of other third-party WordPress sites. And since the requests come from the browsers of real visitors, you can imagine this is a challenge to filter and block such requests."

 

Any infected WordPress site can have its visiting users (or their browsers) put to automated work on guessing author or admin passwords for other WordPress sites. Attackers are estimated to be guessing, with over 41,800 passwords for each impacted site. However, only one of the thousands of sites checked in the original Securi blog post was compromised with this method.

 

To avoid this, the users need to secure the passwords and if you don't trust the website you're visiting, NoScript can be an essential solution to prevent these types of exploits.  

 

For WordPress admins and those concerned about this, verify that none of your passwords, especially system-critical passwords, are default or lazily set in any way. Proper password practice and firewalling your WordPress admin page and "xmlrpc.php" file are the recommended solutions for WP site owners who want to get ahead of this.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Accops bags ‘Security Product Company of the Year’ award at DSCI 2024

Accops bags ‘Security Product Company of the Year’ award at DSCI 2024

Trend Micro Forecasts Rise of Deepfake-Powered Malicious Digital Twins

Trend Micro Forecasts Rise of Deepfake-Powered Malicious Digital Twins

Fortinet elevates web application security and performance with FortiAppSec Cloud

Fortinet elevates web application security and performance with FortiAppSec Cloud

SOFTWARE
View All
GitHub announces a new free tier for GitHub Copilot in VS Code

GitHub announces a new free tier for GitHub Copilot in VS Code

Pic2Alt announces AI-driven SaaS for Alt Text generation

Pic2Alt announces AI-driven SaaS for Alt Text generation

UiPath named leader in Everest Group IA Platforms PEAK Matrix 2024

UiPath named leader in Everest Group IA Platforms PEAK Matrix 2024

START - UP
View All
Zoho enhances YCP with AI learning and ‘Train the Trainer’ module

Zoho enhances YCP with AI learning and ‘Train the Trainer’ module

TiE Global Summit 2024: A Global Gathering of Entrepreneurs

TiE Global Summit 2024: A Global Gathering of Entrepreneurs

ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Start-Up and Unicorn Ecosystem
COLORFUL rolls out iGame Shadow DDR5 memory series

COLORFUL rolls out iGame Shadow DDR5 memory series

Micromax and Phison introduce MiPhi for next-gen NAND storage

Micromax and Phison introduce MiPhi for next-gen NAND storage

India surpasses US, Canada in malware targets

India surpasses US, Canada in malware targets

Banks Need a Strategic Approach to Combat Mule Accounts

Banks Need a Strategic Approach to Combat Mule Accounts

The Future of Data Agents in Enterprise AI

The Future of Data Agents in Enterprise AI

Quantum Computing To Reshape Financial Services

Quantum Computing To Reshape Financial Services

GlobalLogic and Nokia to accelerate innovation in 5G enterprise solutions

GlobalLogic and Nokia to accelerate innovation in 5G enterprise solutions

U.S. Officials Urge Americans to Switch to Encrypted Apps After Major Cyberattack

U.S. Officials Urge Americans to Switch to Encrypted Apps After Major Cyberattack

India has no plans for de-dollarisation

India has no plans for de-dollarisation

AI/ML: Revolutionizing Policing and Forensics

AI/ML: Revolutionizing Policing and Forensics