Payment card skimmers are becoming more common in exploit kits affecting WordPress websites, and attackers are spending more time customizing them to avoid detection, Sucuri’s latest research report reveals.
“Unlike most compromises we see, skimming attacks are more often targeted than opportunistic,” the company added, saying they expect skimmers to play an even bigger role in website infections in 2022.
Furthermore, while payment card stealers were predominantly found on Magento-based sites (and less so on OpenCart and PrestaShop-based ones), WooCommerce plugin users are increasingly targeted due to their large presence in the e-commerce landscape.
Other key findings
Sucuri’s most recent Website Threat Research Report is based on data collected and observations made by the company’s Incident Response and Remediation team during their engagements throughout 2021, and shows current trends related to threats targeting websites based on popular CMS platforms like WordPress, Joomla, Drupal, and Magento.
According to the team, about half of CMS-based site infections were executed through vulnerable plugins, themes, or extensions (i.e., not vulnerabilities in core CMS files).
“Websites that contain a recently vulnerable plugin or other extension are more likely to be caught in malware campaigns,” they found, warning that “even a fully updated and patched website can suddenly become vulnerable if one of the elements of the website has a vulnerability disclosure and no action is taken quickly to remedy it.”
They also noted that proper protection of WordPress sites cannot happen without security plugins, after lamenting the fact that WordPress admin panels do not provide multi-factor authentication and do not limit failed login attempts by default.
The researchers also concluded that:
- 60.04% of infected environments contained at least one website backdoor, with loaders and webshells being the most common. PHP malware is also often found, be it payment card stealers, login stealers, injectors or redirectors.
- A malicious admin user is another popular way for attackers to maintain access to compromised sites.
- Website reinfections are common
- SEO spam continues unabated, but cryptomining malware on compromised websites has become rare
- 7.39% of websites contained some type of phishing content, typically phishing landing pages, more often than not created via pre-built phishing kits. The most commonly targeted credentials were for Microsoft, Netflix, and online banking.
Mitigate CMS threats and stay ahead of future trends
Owners and administrators of CMS-based websites are recommended to:
- Regularly update their CMS, plugins, themes, and extensions, or better yet, opt for automatic updating when possible.
- React quickly when vulnerabilities are discovered and fixed in the components they use.
- Uninstall packages that are no longer useful, especially if they have been abandoned by their authors
- Use security plugins to increase defenses (but be sure to update them regularly)
- Secure their admin panels and use unique, complex and longer passwords as well as additional authentication factors if possible
- Use a web application firewall to block attack attempts
“While there is no 100% security solution for website owners, we have always advised using a defense-in-depth strategy. Establishing defensive controls helps you better identify and mitigate attacks against your website. Employ any and all precautions available to you, and never completely trust a single solution,” they concluded.