The FBI has warned of an ongoing cyber campaign by individuals sympathetic to the Islamic State in the Levant (ISIL), targeting a range of different websites, using known vulnerabilities in WordPress.
The bureau warned that the defacements have affected Website operations and the communication platforms of news organisations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Websites.
It seems that the hackers are exploiting WordPress CMS plug-in vulnerabilities. These flaws can allow attackers to take control of an affected system, gain unauthorised access, bypass security restrictions, inject scripts, and steal cookies from computer systems or network servers.
“An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation,” warned the bureau.
The FBI urged firms to apply the available software patches to plug these identified vulnerabilities. Meanwhile it seems that the ISIL defacement of WordPress websites is not the only problem at the moment.
The FBI also issued an alert for an unrelated matter, warning that criminals are hosting fraudulent government Websites in a effort to collect personal and financial information from unwitting Web users.
“Victims use a search engine to search for government services such as obtaining an Employer Identification Number (EIN) or replacement social security card,” said the FBI. “The fraudulent criminal websites are the first to appear in search results, prompting the victims to click on the fraudulent government services website.”
Earlier this year, social media accounts linked to the US military suffered a cybersecurity attack from hackers claiming to support the terrorist Islamic State militant group.
The @CENTCOM Twitter account, representing the US command that oversees operations in the Middle East, was hacked and defaced with messages praising Islamic State.
US President Barack Obama recently created a new sanctions scheme after he signed an executive order that classified malicious cyber attacks as a “national emergency”.
This means that the US Treasury now has the power to freeze assets and bar other financial transactions of entities engaged in cyber attacks. Hackers who conduct commercial espionage in cyberspace can now be listed on the official sanctions list of specially designated nationals.
Are you a security pro? Try our quiz!
Launch of Samsung's Galaxy S25 Ultra, Galaxy S25+ and Galaxy S25 sees the handsets described…
Microsoft's LinkedIn sued for allegedly using customer data, including private messages, to train AI models…
1,700 jobs to be lost in Quebec, as Amazon says it will close seven sites…
Google wins permanent injunction from London's High Court to prevent enforcement of Russian YouTube judgements
OpenAI, SoftBank, Oracle and others form joint venture called 'The Stargate Project' – to build…
Government replaces chairman of the competition watchdog with former Amazon boss, amid Labour's “growth” drive…