FBI Warns Of Islamic State Campaign Against WordPress Sites

The FBI has warned of an ongoing cyber campaign by individuals sympathetic to the Islamic State in the Levant (ISIL), targeting a range of different websites, using known vulnerabilities in WordPress.

The bureau warned that the defacements have affected Website operations and the communication platforms of news organisations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Websites.

WordPress Hacks.

The FBI did state that the defacements demonstrate low-level hacking skills, but said that they are disruptive and often costly to repair and fix. It said the attackers are not actual members of ISIL, but are using the ISIL name to gain more notoriety than the underlying attack would have otherwise gathered.

It seems that the hackers are exploiting WordPress CMS plug-in vulnerabilities. These flaws can allow attackers to take control of an affected system, gain unauthorised access, bypass security restrictions, inject scripts, and steal cookies from computer systems or network servers.

“An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation,” warned the bureau.

The FBI urged firms to apply the available software patches to plug these identified vulnerabilities. Meanwhile it seems that the ISIL defacement of WordPress websites is not the only problem at the moment.

Fraudulent Websites

The FBI also issued an alert for an unrelated matter, warning that criminals are hosting fraudulent government Websites in a effort to collect personal and financial information from unwitting Web users.

“Victims use a search engine to search for government services such as obtaining an Employer Identification Number (EIN) or replacement social security card,” said the FBI. “The fraudulent criminal websites are the first to appear in search results, prompting the victims to click on the fraudulent government services website.”

Earlier this year, social media accounts linked to the US military suffered a cybersecurity attack from hackers claiming to support the terrorist Islamic State militant group.

The @CENTCOM Twitter account, representing the US command that oversees operations in the Middle East, was hacked and defaced with messages praising Islamic State.

US President Barack Obama recently created a new sanctions scheme after he signed an executive order that classified malicious cyber attacks as a “national emergency”.

This means that the US Treasury now has the power to freeze assets and bar other financial transactions of entities engaged in cyber attacks. Hackers who conduct commercial espionage in cyberspace can now be listed on the official sanctions list of specially designated nationals.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Samsung Touts AI Features With Galaxy S25 Smartphones

Launch of Samsung's Galaxy S25 Ultra, Galaxy S25+ and Galaxy S25 sees the handsets described…

19 mins ago

LinkedIn Sued Over Alleged Use Of Private Messages To Train AI

Microsoft's LinkedIn sued for allegedly using customer data, including private messages, to train AI models…

2 hours ago

Amazon To Shutter Sites In Unionised Province In Canada

1,700 jobs to be lost in Quebec, as Amazon says it will close seven sites…

17 hours ago

Google Wins UK Injunction To Halt Russian Enforcement Of Judgements

Google wins permanent injunction from London's High Court to prevent enforcement of Russian YouTube judgements

19 hours ago

Tech Giants Announce $500 Billion AI Plan In US

OpenAI, SoftBank, Oracle and others form joint venture called 'The Stargate Project' – to build…

20 hours ago

CMA Chair Replaced By Government Amid Growth Drive

Government replaces chairman of the competition watchdog with former Amazon boss, amid Labour's “growth” drive…

21 hours ago