Analysis: The popular CMS has become a prime target, here’s why.
The recent hack of the Reader’s Digest website was the latest in a growing line of security incidents on websites built on the popular WordPress Content Management System (CMS).
David Emm, senior security researcher at Kaspersky Lab, said of the attack: "This year there’s been a number of situations with WordPress actually. It certainly wouldn’t be the first time."
Jérôme Segura of Malwarebytes, who uncovered the Readers’ Digest hack, told CBR that the attack itself was not even very sophisticated. "It’s leveraging vulnerabilities in WordPress that have never been patched," he said.
Emm says that there have been "a couple of instances with cross site scripting exploits and I think there’s sort of two aspects to that.
"Firstly if the browser is not up to date, and secondly if they’re not using filtering tools to actually prevent use of the exploit.
"If it’s not filtering user input and it’s allowing the full range of user input then it’s possible actually for an attacker to input HTML into one of those sites, which means somebody else visiting the site, their code executes along with the rest of the web page. So it is possible to filter that down, by limiting what user input is allowed."
With the Readers’ Digest hack specifically, Segura says that "a script was injected into the site" on the WordPress platform. "It’s kind of a three step scenario where you have a piece of code within the Readers’ Digest site, which calls onto an external URL, and that one is acting as an intermediary to the exploit kit. It’s a very simple chain but the pattern are very similar so it was fairly simple to recognise it as distinct because it was using the same patterns."
Ultimately, WordPress might be a victim of its own success. "The key thing with any piece of code that is commonly used is that you have a pretty wide potential pool of victims, and the other thing is that there’s a strong likelihood with a lot of potential victims that some of them may not have taken steps to secure themselves ," says Emm.
"Wordpress….Joomla these are very popular CMSs, and they’re going to be targeted," says Segura. "I think the problem is in a lot of cases how people use those platforms, use poor security", he adds.
Consequently, both experts think a lot of responsibility lies with individual users, who need to better protect themselves. " A few of the site owners that i’ve spoken to, not the Readers Digest, admitted they were late on patching and their site got hacked," say Segura.
Open source CMSs like WordPress have fantastic flexibility, which makes them incredibly popular. It might not entirely be their fault, but it gives hackers lots of opportunities to take advantage. Until people take responsibility for their own sites, that problem will never go away.