The FBI is warning WordPress operators to patch their systems or risk having them defaced by the ISIS sympathizers.

So far, according to the FBI, defacements have occurred on the websites of news organizations, religious institutions, local and federal governments, foreign governments and more.

Whilst not particularly skilled, the hacks have nevertheless caused disruption, lost revenue and extra costs to repair, it added.

The attackers voice support for ISIS, sometimes referred to as ISIL, “to gain more notoriety than the underlying attack would have otherwise garnered,” the FBI said.
If left untouched, they could allow the following:

“Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future web site exploitation.”

“The FBI assesses that the perpetrators are not members of the ISIL terrorist organization. These individuals are hackers using relatively unsophisticated methods to exploit technical vulnerabilities and are utilizing the ISIL name to gain more notoriety than the underlying attack would have otherwise garnered.”

WordPress was recently in the news for the hack of Pirate Bay which served up a banking trojan.

Sam Hartley, senior security consultant with 7 Elements, urged WordPress users to follow best practice steps such as configuring automatic updates; minimizing use of third party plug-ins; using an app firewall to detect and block attacks; and carrying out regular site security assessments.

Source: Infosecurity