CMS-Based Site Security
Cybersecurity action steps
An effective cybersecurity posture looks at every way cyber criminals will attempt to get into your network and gain access to your data. One of these ways is through attacks on CMS-based sites. Reports show that payment card skimmers are on the rise and are exploiting WordPress websites.
One research report, by Sucuri, reveals that cyber criminals are spending more time customizing kits to exploit WordPress websites. While most compromises are opportunistic, skimming attacks are targeted. Skimmers are going to play a bigger role in website infections this year. Be aware that payment card stealers continue to target Magento-, OpenCart- and PrestaShop-based sites, but that growing attention is moving towards WooCommerce plugin users.
Threats targeting websites built on CMS platforms such as WordPress, Joomla, Drupal, and Magento do so by looking for vulnerable plugins, themes and/or extensions. This indicates that vulnerabilities in the core CMS files are not a primary target. What the research has found is that vulnerable plugins and extensions are in the mix of malware campaigns. It takes only a fraction of time for a website element to become vulnerable. If the vulnerability isn’t picked up swiftly, this leaves an open door for hackers. Furthermore, WordPress sites can’t be secured without security plugins, because WordPress administrator panels do not provide multi-factor authentication and do not rate limit failed login attempts by default.
Additional findings are that 60.04% of compromised environments had a minimum of one backdoor to the website. The most common backdoors were uploaders and webshells. They also found PHP malware, and that a malicious admin user is a popular way for attackers to keep access to compromised websites. Reinfections of websites are common, SEO spam continues unabated, and cryptomining malware has become rare. Also, 7.39% of websites held some type of phishing content, such as landing pages created via pre-built phishing kits; the credentials targeted include Microsoft, Netflix and online banking.
To mitigate CMS threats, get ahead of your risks with the following steps.
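The backdoor and malicious-admin findings above map to two checks a site owner can run. This is an added example, not code from the Sucuri report or this post: it lists PHP-executable files under the WordPress uploads directory (which normally holds only media) and flags administrator accounts missing from an approved list. The extension list, account names, allowlist and sample CSV are constructed assumptions.

```python
import csv
import io
import tempfile
from pathlib import Path

# Assumption: extensions your web server may hand to PHP; match this to your handler config.
PHP_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7"}

# Constructed sample, in the shape printed by:
#   wp user list --role=administrator --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_ADMINS_CSV = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2019-03-02 10:15:00
7,editor_admin,editor@example.com,2021-08-19 14:02:11
42,wp_support1,support@example.net,2024-05-11 03:27:45
"""
APPROVED_ADMINS = {"siteowner", "editor_admin"}  # hypothetical allowlist you maintain


def executable_uploads(uploads_dir):
    """Return files under uploads_dir with a PHP suffix anywhere in the name (e.g. x.php.png)."""
    root = Path(uploads_dir)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and any(s.lower() in PHP_EXTS for s in p.suffixes)
    )


def unexpected_admins(admins_csv, approved):
    """Return administrator logins that are not on the approved list."""
    rows = csv.DictReader(io.StringIO(admins_csv))
    return sorted(r["user_login"] for r in rows if r["user_login"].lower() not in approved)


def demo():
    """Build a constructed uploads tree in a temp directory and run both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp, "wp-content", "uploads")
        month = uploads / "2024" / "05"
        month.mkdir(parents=True)
        (month / "banner.jpg").write_bytes(b"constructed placeholder")
        (month / "gallery.php").write_text("<?php /* constructed placeholder */ ?>")
        (month / "logo.php.png").write_bytes(b"constructed placeholder")
        return executable_uploads(uploads), unexpected_admins(SAMPLE_ADMINS_CSV, APPROVED_ADMINS)


if __name__ == "__main__":
    print(demo())
```

Any hit is a lead to review rather than proof of compromise; some plugins do write PHP files under uploads, and new administrators may simply be undocumented.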
- Regularly update your CMS, plugins, themes and extensions, and opt in to automatic updates when possible.
- Take note of vulnerabilities as soon as possible and take action to patch them.
- Uninstall anything that is no longer useful or being used by authors.
- Install security plugins to add a layer of security.
- Update your security plugins.
- For admin panels, create additional authentication factors and strong passwords.
- Have a web application firewall.
The best defense is always a proactive one, and one that involves people, process and technology. Stay on top of your website’s security and your overall data environment, including apps, the cloud and your remote workforce’s devices.
For cybersecurity support you can schedule a free consultation with one of our experts here: https://calendly.com/ncxgroup