Potential Security Flaw In Obsolete CMS and Plugins Left Millions of Users Vulnerable To Ransomware.
More than 142 million websites have been using outdated Content Management System (CMS) software and plugins that could be exploited by hackers to serve ransomware: attackers inject malicious scripts into those websites and then redirect the site visitors to the Neutrino Trojan exploit kit server, according to research conducted by the IT security firm Heimdal Security.
The security experts found that the attack could easily be carried out by systematically compromising websites that are running either an out-of-date Content Management System (CMS) or obsolete plugins. The CMS specifically at risk of being targeted is WordPress, while the outdated plugins involved include Adobe Flash Player, Internet Explorer and Adobe Reader.
According to the figures and statistical data provided in a blog post by Andra Zaharia, Marketing and Communication Specialist at Heimdal Security, the WordPress CMS is used by over 58.7% of all the inspected websites, which equates to about 24.3% of all the websites that exist on the Internet.
She further added that there are over one billion websites, which yields a figure of over 142 million potentially vulnerable websites. Additionally, she noted that around 20% of WordPress-based websites are running an outdated version of the content management system.
According to Heimdal Security:
“Attackers are using Neutrino EK to exploit vulnerabilities in Adobe Flash Player, Internet Explorer and Adobe Reader / Acrobat to infect victims’ systems with Teslacrypt ransomware.”
That may be why WordPress version 3.7 introduced functionality to automatically update WordPress-based blogs to the latest stable public release in an attempt to enhance security; this addition also informs the administrator about the update via an email message.
However, the research found that websites running the up-to-date version of WordPress could still be exploited using Neutrino EK if they lack appropriate security settings or are running an outdated version of a vulnerable plugin.
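Since the research above singles out outdated core installs and outdated plugins as the two weak points, the following is an added example (not code from the original article or from Heimdal Security) of a WordPress must-use plugin that opts a site into automatic core, plugin and theme updates through WordPress's own update filters, so that administrators are not left relying only on the 3.7 minor-release auto-update. The file path and the plugin name are assumptions; the filter names are standard WordPress hooks.

```php
<?php
/**
 * Plugin Name: Force Automatic Updates (example mu-plugin)
 * Description: Opt this site into automatic core, plugin and theme updates.
 *
 * Assumed install path: wp-content/mu-plugins/force-auto-updates.php
 * Must-use plugins load on every request without activation, so the
 * policy cannot be switched off from the dashboard by mistake.
 */

// Weak default: only minor core releases update automatically, and
// plugins/themes never do. The filters below widen that to everything.

// Allow major core releases (e.g. 4.x -> 5.x), not just security/minor ones.
add_filter( 'allow_major_auto_core_updates', '__return_true' );
add_filter( 'allow_minor_auto_core_updates', '__return_true' );

// Auto-update every installed plugin and theme as soon as a release ships.
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );

// Make sure a stray version-control checkout (e.g. a .git directory in the
// web root) does not silently disable the automatic updater.
add_filter( 'automatic_updates_is_vcs_checkout', '__return_false' );

// Keep the administrator's email notification that the article mentions,
// so a failed or completed update is visible to a human.
add_filter( 'auto_core_update_send_email', '__return_true' );
```

After deploying, confirm the site's update cron runs (WP-Cron must not be disabled) and review the resulting update emails, since an auto-update that fails still leaves the old, exploitable version in place.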
In total, more than 409 million WordPress blog readers visit these websites every month to read the content published there, leaving all of them potentially exposed to the ransomware. And since the vulnerability exists within plugins too, the total number of potentially affected users could be much greater.
In Denmark alone, the security experts detected over 24 exploited websites that are delivering the payload through malicious script injection.
The security researchers concluded that most antivirus applications are not yet advanced enough to detect and stop these ransomware attacks. They said that the Teslacrypt ransomware attack in particular was detected by only 10 out of 56 antivirus programs during their tests.
Zaharia also emphasized that Internet users should opt for secure and up-to-date web browsers, and should use supplementary security tools such as antivirus software to further protect their computer systems, as well as their data, from the ever-increasing ransomware threat.