WordPress, one of the most popular platforms for creating websites, has been targeted through a security vulnerability that hackers discovered in a common plugin used with the platform. This has spelt chaos in the world of cybersecurity. Hackers used Gootloader, a new type of downloader malware, to upload malicious software using the plugin.
This attack is a huge deal in the world of cybersecurity simply because of the number of websites it can impact. Recent studies have shown that 39.5% of all websites in 2021 use WordPress hosting services.
In this blog, we go into the details of this attack, its effect on websites across the world, and how such attacks can be prevented in the future.
Gootloader uses malicious SEO techniques to get into relevant Google search results. Gootloader can modify existing websites so that they change how certain visitors see them.
The Gootloader malware attack initially injects a few additional lines of code. Eventually, it may download dozens of pages of fake content. All of this is done to buy extra time to remain undetected so that the cyber-attack can proceed and conceal the end result.
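The paragraphs above describe a compromised site that shows certain visitors a different page containing a few injected lines. As an added example (not from the original article), this Python code compares two saved responses for the same URL and lists the scripts, links and iframes that appear in only one of them; the sample HTML is constructed, and which request conditions produce the differing view is an assumption left to whoever captures the two responses.

```python
import hashlib
from html.parser import HTMLParser

class Collector(HTMLParser):
    """Collects script sources, inline-script hashes, links and iframes."""
    def __init__(self):
        super().__init__()
        self.found, self._buf = set(), None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._buf = []  # start buffering inline script text
            if a.get("src"):
                self.found.add(("script-src", a["src"]))
        elif tag == "a" and a.get("href"):
            self.found.add(("link", a["href"]))
        elif tag == "iframe" and a.get("src"):
            self.found.add(("iframe", a["src"]))

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:  # hash inline code so the report stays short
                digest = hashlib.sha256(body.encode()).hexdigest()[:16]
                self.found.add(("inline-script", digest))
            self._buf = None

def features(html):
    parser = Collector()
    parser.feed(html)
    parser.close()
    return parser.found

def view_diff(view_a, view_b):
    """Features present in only one of two views of the same URL."""
    fa, fb = features(view_a), features(view_b)
    return {"only_in_a": sorted(fa - fb), "only_in_b": sorted(fb - fa)}

# Constructed sample responses for one URL (not real captures).
DIRECT = ('<html><body><a href="/about">About</a>'
          '<script src="/wp-includes/js/jquery.js"></script></body></html>')
REFERRED = DIRECT.replace("</body>", '<script>var s=1;</script>'
                          '<a href="/download.example">Download</a></body>')
if __name__ == "__main__":
    print(view_diff(DIRECT, REFERRED))
```

An empty result on both sides means the two views expose the same scripts and links; anything listed under only one view is a starting point for reviewing the site's files.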
Hackers usually entice a business professional to head to a compromised website and then have them click on a link. Once the web user completes this action, the hacker attaches ransomware, a banking trojan, or a credential stealer.
The Gootloader malware attack has targeted millions of websites and seeks to affect business professionals who speak Korean, German, and English. The cyber-attack has compromised dozens of legitimate WordPress websites across various industries, including:
Defiant, which provides the Wordfence web firewall, has reported blocking more than 1.7 million attacks within a few months, which represents more than half of WordPress sites that use the firewall. WordPress is installed on hundreds of millions of websites.
WordPress worked with its partners and helped send security patches to users once it learned about the problem. Since not all users used the security patch, WordPress added an auto-update feature for WordPress themes and plugins. This ensures that sites are always running the most recent version of available WordPress themes and plugins while also staying safe.
As these attacks target legitimate sites, it can be difficult to spot them. However, some things to look out for include:
Cybersecurity is especially important to businesses and websites today. Here are some ways to keep your website safe from Gootloader and other cyber threats:
It is also imperative to train and educate your employees in the basics of cybersecurity so that such attacks on your business website or online store can be avoided. Implement certified cybersecurity training that teaches employees how to:
You should also always work with the premise that your website will most likely get attacked at some point. Therefore, it is best to have a solid cybersecurity incident response plan in place which adheres to the NIST Cybersecurity Framework and equips your staff for quick detection and removal of malware.
If you’re really serious about your cybersecurity and business reputation and if you handle particularly sensitive information, it may even be worthwhile getting your organisation's cyber resilience audited by an external expert.
You can opt for quick health-checks or detailed breach readiness assessments in order to evaluate how safe your online infrastructure really is and how prepared your staff is for a cyber-attack. Conducting scenario-based cyber crisis tests is also a good idea.
Gootloader poses a serious cybersecurity threat to websites and web users across the globe. However, by implementing the cybersecurity strategies discussed above and investing a little in employee awareness and training, you can likely avoid it and similar threats.
Author: David Lukić
David Lukić is an information privacy, security and compliance consultant at IDstrong.com. The passion to make cyber security accessible and interesting has led David to share all the knowledge he has.