Weak plugins, the plague of CMS

According to a new study, weak plugins, extensions, and default settings are responsible for a high rate of website penetration.

Content management systems (CMS) are frequently used to publish content to websites and online services, including e-commerce stores, and to facilitate management and publishing for web administrators.

Plugins and extensions add functionality to websites and can provide everything from contact forms and SEO optimization to maps, photo albums and payment options. They are therefore very popular, but if one is weak, using it can expose the entire website to hijacking.

Plugins, the Achilles heel of websites

The 2021 Sucuri Website Threat Research Report (.PDF) examines these questions in depth by focusing on the use of content management systems, including WordPress, Joomla, and Drupal.

According to the researchers, vulnerable plugins and extensions are “responsible for more website hacks than legacy CMSs.” About half of the website intrusions registered by the company’s customers occur on a domain with an updated CMS.

Malicious actors often rely on legitimate but compromised websites to host malware or scripts that steal credit card data, or to distribute spam. According to Sucuri, websites with a “weak plugin or other extension” are more likely to be exploited in this way.

“Even a completely updated and patched website can suddenly become vulnerable if an element of the site has a vulnerability and steps are not taken quickly to fix it,” the researchers comment.

Additionally, webmasters leaving their websites and dashboards in default configurations poses a significant risk, especially when Multi-Factor Authentication (MFA) is not implemented or not enabled.

Backdoors, scrapers and spam

The report lists the most common types of malware found on hacked websites. At the forefront are backdoors, a form of malware that gives its operators permanent access to the domain and the ability to steal data.

According to Sucuri, more than 60% of website hacks involved at least one backdoor.

Additionally, credit card theft scripts (or “scrapers”) remain a constant threat to e-commerce sites. Scrapers are typically small pieces of code implanted in payment pages, which collect card details from customers and pass them on to a server controlled by the attacker.

They now account for more than 25% of PHP-based malware signatures detected in 2021.

Spam is also one of the most common forms of website hacking. A total of 52.6% of websites analyzed by the company contain SEO spam, such as URL redirects, which are used to send visitors to pages that display malicious content. In addition, the team found evidence of spam injectors that hide spam links in hacked websites in order to improve their search engine rankings.

Most of the content associated with spam is related to pharmaceutical products such as Viagra, escort services, gambling, adult websites, and pirated software.

“Although there is no 100% security solution for website owners, we have always been advised to use an in-depth defense strategy,” says Sucuri. “Putting defensive controls in place helps you better identify and mitigate attacks targeting your website. Maintaining a good security posture comes down to a few basic principles: keeping your environment up-to-date and patched, using strong passwords, practicing the principle of least privilege, taking advantage of web application firewall protection to filter malicious traffic.”

Source: “ZDNet.com”
