Maisto, a miniature car maker has had its website infected by malware and it is believed hackers injected it directly to the homepage through an outdated Joomla content management system. The website has been serving the Angler exploit kit which in turn installs the Cryptxxx ransomware on victim machines. Security experts from Tripwire commented below.
Lamar Bailey, Sr. Director of Security R&D at Tripwire:
“This highlights the continued need for Vulnerability Management and continuous updates to vulnerable software. Many companies struggle with applying security updates and installing new, more secure versions of software due to resources, business downtime, and complexity of updates, but it is not something that can be ignored. One exposed critical vulnerability can be the gateway to breaches, ransomeware or even worse. A risk based vulnerability management system is core to a good security program.”
Craig Young, Security Researcher at Tripwire:
“Vulnerable blogging platforms create a tremendous risk for the reputation of a business as well as the consumers visiting their site. The reason these vulnerabilities can be so devastating is because just a few content management systems hold the vast majority of the market share and because attackers can easily leverage Google along with automatic compromise tools to take control of many sites very quickly.
The top 3 open source CMS (WordPress, Joomla, and Drupal) are used across more than 1.5M sites including many of the Alexa top sites. Administrators of such sites need to apply security updates as they come out without delay or else likely find themselves on the receiving ends of an automated attack campaign. As many of these flaws occur within plugins, I would also strongly advise that site operators carefully vet each plugin based on what value and what risk it may add before unnecessarily expanding their attack surface. For example, it has been speculated that attackers gained access to Mossack Fonseca (Panama Papers) through a WordPress deployment with an unpatched instance of the Revolution Slider plugin or a severely out of date Drupal install.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…