Tripwire on Die Cast Car Manufacturer’s Website Infected with Malware

Maisto, a miniature car maker has had its website infected by malware and it is believed hackers injected it directly to the homepage through an outdated Joomla content management system. The website has been serving the Angler exploit kit which in turn installs the Cryptxxx ransomware on victim machines. Security experts from Tripwire commented below.

Lamar Bailey, Sr. Director of Security R&D at Tripwire:

“This highlights the continued need for Vulnerability Management and continuous updates to vulnerable software. Many companies struggle with applying security updates and installing new, more secure versions of software due to resources, business downtime, and complexity of updates, but it is not something that can be ignored. One exposed critical vulnerability can be the gateway to breaches, ransomeware or even worse. A risk based vulnerability management system is core to a good security program.”

Craig Young, Security Researcher at Tripwire:

“Vulnerable blogging platforms create a tremendous risk for the reputation of a business as well as the consumers visiting their site. The reason these vulnerabilities can be so devastating is because just a few content management systems hold the vast majority of the market share and because attackers can easily leverage Google along with automatic compromise tools to take control of many sites very quickly.

The top 3 open source CMS (WordPress, Joomla, and Drupal) are used across more than 1.5M sites including many of the Alexa top sites.  Administrators of such sites need to apply security updates as they come out without delay or else likely find themselves on the receiving ends of an automated attack campaign.  As many of these flaws occur within plugins, I would also strongly advise that site operators carefully vet each plugin based on what value and what risk it may add before unnecessarily expanding their attack surface. For example, it has been speculated that attackers gained access to Mossack Fonseca (Panama Papers) through a WordPress deployment with an unpatched instance of the Revolution Slider plugin or a severely out of date Drupal install.”