Relying on Data to Mitigate the Risk of WordPress Website Hijacking

This post was co-authored with IBM X-Force researchers Mark Usher and Martin Steigemann.
---

One of the most common methods cybercriminals use to deliver phishing and malware to unsuspecting users is compromising legitimate websites, such as those hosted on WordPress, to house their own malicious content for free.

The URLs of compromised sites used for phishing attacks reach users through spam emails, allowing security professionals to keep track of their volume. In 2016, according to an Anti-Phishing Working Group (APWG) report, phishing attack campaigns shattered all previous years’ records, which the firm began monitoring in 2004. The report revealed that phishing sites peaked at 158,988 in the month of April 2016, a large number of attacks that keeps growing year over year. Once hijacked, the same site can be used to serve malware.

There are ways to protect users from email-borne attacks, but to keep the internet safer from those who perpetrate them, we must cut the supply chain even earlier. On the vendor side, faster detection can ensure that affected sites are flagged on time to prevent users from reaching them, thus foiling the attacker’s plans. On the website side, administrators should prioritize applying basic security practices to keep their sites safer, and users should remain cautious about opening unsolicited email and accessing links or attachments they receive inside.

Read more about our findings and conclusions here.