ThreatMon Blog

WordPress Sites Hacked with Fake Cloudflare DDoS Alerts

by ibrahim mestav
August 5, 2023
in Security News

DDoS protection pages typically verify whether the site visitor is actually a human or part of a Distributed Denial of Service (DDoS) attack or other unwanted bot.

Bad bots make up a large portion of web traffic. These include DDoS traffic, scrapers scavenging email addresses to send spam, bots trying to find vulnerable websites to be compromised, and more.

Bots also consume bandwidth on websites, causing increased hosting costs and corrupting meaningful website visitor statistics.

Recently, Sucuri discovered a malicious JavaScript injection affecting WordPress websites that displays a fake Cloudflare DDoS protection popup.

Such browser checks are common on the web, so users may click through this prompt without thinking twice. Clicking it actually downloads a malicious .iso file to the victim’s computer.

Next comes a new message asking for a verification code to access the website. Its purpose is to persuade the user to open the downloaded file.

“This is NetSupport RAT. It has been linked to FakeUpdates/SocGholish and typically used to check victims before ransomware rollout. The ISO file contains a shortcut disguised as an executable that runs powershell from another text file.” Jerome Segura said.

“After that, just about anything can happen depending on the victim.”

The infected computer can be used to steal social media or banking credentials, detonate ransomware, or even trap the victim's machine in a malicious "slave" network, extort the computer owner and breach their privacy.

It is not only SEO rankings and website reputation that matter, but also the privacy and security of the users visiting your website.

“Remote Access Trojans (RAT) are considered one of the worst types of infections that can infect a computer, as they give attackers full control over the device,” Sucuri said in the report.

Here are some steps Sucuri recommends to reduce the risks:

Website owners:

  • Keep all software on your website up to date
  • Use strong passwords
  • Use 2FA on your administrative panel
  • Place your website behind a firewall service
  • Employ file integrity monitoring

Website visitors:

  • Make sure your computer is running a robust antivirus program
  • Place 2FA on all important logins (such as your bank, social media)
  • Practice good browsing habits; don’t open strange files!
  • Keep your browser and all software on your computer updated/patched
  • Use a script blocker in your browser (advanced)
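
The file integrity monitoring recommended to website owners above can be illustrated with a small baseline-and-compare check that flags script files added or changed in a WordPress tree, which is how an injected JavaScript snippet would surface. This is an added example, not code from Sucuri or ThreatMon; the watched extensions, directory layout and file names are assumptions constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption: file types that can carry injected script on a WordPress site.
WATCHED = {".js", ".php", ".html"}

def snapshot(root: Path) -> dict[str, str]:
    """Map each watched file (path relative to root) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in WATCHED:
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Report watched files that appeared, vanished or changed since the baseline."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }

def demo() -> dict[str, list[str]]:
    """Constructed sample: a tiny fake WordPress tree that changes after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        theme = root / "wp-content" / "themes" / "example-theme"  # hypothetical theme
        theme.mkdir(parents=True)
        (root / "index.php").write_text("<?php // front controller\n")
        (theme / "functions.php").write_text("<?php // theme setup\n")
        (theme / "main.js").write_text("console.log('theme');\n")
        (theme / "logo.png").write_bytes(b"\x89PNG")  # not a watched type
        baseline = snapshot(root)  # taken while the site is known to be clean

        # Simulated tampering: code appended to an existing script, a new script dropped.
        with (theme / "main.js").open("a") as fh:
            fh.write("/* constructed: unexpected appended code */\n")
        (root / "wp-content" / "check.js").write_text("/* constructed: new file */\n")
        (theme / "logo.png").write_bytes(b"changed")  # ignored: not watched
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline would be stored off the web server, so that whoever modifies the site files cannot also rewrite the record they are compared against.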

References:

https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html
