Hackers are compromising WordPress sites to insert a malicious script that uses visitors' browsers to perform distributed denial-of-service attacks on Ukrainian websites.
This week, MalwareHunterTeam discovered a WordPress site compromised to use this script, targeting ten websites with Distributed Denial of Service (DDoS) attacks.
These websites include Ukrainian government agencies, think tanks, recruitment sites for the International Legion of Defense of Ukraine, financial sites, and other pro-Ukrainian sites.
Attackers are compromising these WordPress websites by exploiting unpatched vulnerabilities. Since WordPress doesn’t automatically install updates, it is the responsibility of website owners to consistently monitor for security updates and apply these patches in a timely manner. Many WordPress website owners forget to change the default settings after creating an account. For example, the administrator account for WordPress comes with the default “admin” username. If left unchanged, threat actors can easily brute force their way in and take control of the websites under that account. Therefore, it is necessary for WordPress site owners to change any default settings and secure their accounts. This can be accomplished by implementing strong passwords and using two-factor authentication when possible.