FBI (April 7) ISIL Defacements Exploiting WordPress Vulnerabilities. Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS). The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems. Click here for the full alert.
Best practice. The FBI recommends the following actions be taken:
- Review and follow WordPress guidelines: http://codex.wordpress.org/Hardening_WordPress
- Identify WordPress vulnerabilities using free available tools such as
http://www.securityfocus.com/bid,
http://cve.mitre.org/index.html,
https://www.us-cert.gov/ - Update WordPress by patching vulnerable plugins:
https://wordpress.org/plugins/tags/patch - Run all software as a non-privileged user, without administrative privileges, to diminish the effects of a successful attack
- Confirm that the operating system and all applications are running the most updated versions.
- Haaretz (April 7) Anti-Israel cyberattack a far cry from promised ‘electronic holocaust’. Hacktivists belonging to Anonymous collective release what appears to be Israelis’ private information and hijack websites.
- JTA (April 7) Hackers bring down private Israeli websites, fail to damage gov’t sites
- Jerusalem Post (April 7) Cyber terrorism triggers severe psychological, physical stress, Haifa researchers shows. “Vast majority of public are complacent and, until they are exposed to a personal cyber attack, they see cyber terrorism as nothing more than an inconvenience,” expert says.
The FBI is warning U.S. companies that cyber terrorists from the Middle East and North Africa are planning to conduct cyber-attacks against Israeli and Jewish interests next week. The Bureau stated in a security notice to U.S. industry on Sunday that, as of early March, “several extremist hacking groups indicated they would participate in a forthcoming operation, #OpIsrael, which will target Israeli and Jewish Web sites.”
“Given the perceived connections between the government of Israel and Israeli financial institutions, and those of the United States, #OpIsrael participants may also shift their operations to target vulnerable U.S.-based financial targets or Jewish-oriented organizations within the United States,” the FBI warning said.
The FBI predicts that the threat to U.S.-based infrastructure from the coming cyber attack is low for well-maintained and updated networks. So, make sure that your techies and hosts maintain and update your systems.
The FBI said members of at least two extremist hacking groups it did not identify are currently working to recruit hackers for the attacks next week. The hacker group Anonymous this week also threatened an “electronic Holocaust” in a video statement.
The FBI estimated that the threat to U.S.-based infrastructure from the coming cyber attack is low for well-maintained and updated networks. However, as part of its program to notify private industry of major cyber threats, the FBI is notifying several possible targets.