Threat Actors Prey on Drupalgeddon Vulnerability to Mass-Compromise Websites and Underlying Servers
** This post was co-written with IBM X-Force researcher Noah Adjonyo**
IBM Security’s Managed Security Services (MSS) team monitors
the enterprise threat landscape on an ongoing basis, detecting and mapping new
threats as they emerge. In a recent investigation, our MSS intelligence
analysts discovered that malicious actors are using recent Drupal
vulnerabilities to target various websites and possibly the underlying
infrastructure that hosts them, leveraging Shellbot to open backdoors.
This appears to be a financially motivated effort to
mass-compromise websites. How can defenders keep websites and underlying
systems safe in the face of these evolving threats?
What Is Drupal, and Why Is It a Target?
Like WordPress, Drupal is a content management system (CMS)
that is used widely by people who create and maintain websites and applications
for all sorts of purposes, both personal and business, private and public.
Drupal is open source and, as such, is maintained by a community of users. This
is also how its security and vulnerability patching is maintained.
CMSs that are used across a large number of websites are
juicy targets for cybercriminals, who commonly automate their attacks in a
one-size-fits-all type of operation. Those who target random websites aim to
compromise as many as possible and consider the monetization options later.
To do that, malicious actors often pick a vulnerability and
then probe for exploitable sites en masse. Those found unpatched or vulnerable for
some other reason might fall under the attacker’s control, which could mean a
complete compromise of that site. With this level of control, the attacker has
access to the site as a resource from which to steal data, host malicious
content or launch additional attacks.
ShellBot Attacks Open Backdoors With Drupalgeddon 2.0
Want to read the next section? Check out the original blog post here.
Hierarchical pioneers consider festivities a great deal. Perhaps not the sort Guinness was poJill Hardener
ReplyDeletendering with that slogan, yet they certainly consider them.
Give thought to what you want to get out of your training as well, in addition to just the certificate. You probably want a thorough understanding of the generally accepted best practices associated with the field of cybersecurity. Artificial Intelligence For Cybersecurity
ReplyDelete