Wordfence has released an advisory recommending vigilance and stronger site security against cyberattacks following Russia’s attack on Ukraine.
Wordfence is a cybersecurity organization staffed by some of the world’s leading cybersecurity professionals. They have over 4 million sites under their protection, and following the attacks from Russia they have increased their vigilance and are closely examining the sites under their care for any emerging threats. They are on the lookout for:
WordPress site compromises with no known vulnerability present, that may be exploiting a zero-day vulnerability. It is not uncommon to see an APT (Advanced Persistent Threat – Usually a nation-state) exploit zero-days during a large-scale or strategically important operation.
A sudden increase in reports of compromised WordPress websites.
An increase in attacks being launched from compromised WordPress sites.
Unusual activity reports from our user community or from our attack telemetry.
They recommend the following steps to protect businesses and sites against cyberattacks that may occur:
Educate your team about the risks of social engineering attacks and of being phished or spear phished.
Ensure you have two-factor authentication enabled on every important user account that you and your team operate.
If you develop a WordPress plugin or other software that is distributed to customers, be aware that you are a target for a supply chain attack. So make sure that your code repositories and deployment systems are secure. An attacker may want to use you to distribute backdoors or other malicious code to your clients.
Keep a close eye on your logs – security logs in particular – of all the systems under your team’s control.
Use configuration management to manage what files should and should not be on your critical infrastructure. If you see new files appearing that you didn’t create, that’s a red flag.
Be aware of financial activity in your organization, and be on the lookout for financial fraud attempts.
Make sure that your HR systems and other systems that contain sensitive PII (personally identifiable information) are locked down.
Ask your team to be on the lookout for anything that “seems weird”. Adopt an approach of “If you see something, say something” and at the very least you’ll have an interesting discussion – and at worst, it’s an attack underway.
While small and medium businesses may not be the target of such attacks, it is still best to protect your site and business against the possibility. Many sites have been hacked in the past months through WordPress and plugin vulnerabilities. Protect your site and your business by running the latest version of WordPress and of your installed plugins, and by keeping an eye on the activity on your site.
For more details, check out the Wordfence advisory here.
A US Government cybersecurity advisory has also been released and can be read here.