The web is seeing an increase in malicious scripts injected into legitimate websites, which redirect internet users to the Neutrino exploit kit server when accessed. Hundreds of millions of sites could be affected, serving up ransomware and other baddies.
Heimdal Security said that the attack has been carried out by systemically compromising websites which run an outdated content management system, especially unpatched WordPress sites, or outdated plugins.
According to Heimdal, WordPress is used by 58.7% of all the websites whose content management system we know. This is 24.3% of all websites. Since there are almost 1 billion websites in the world, the figure of potentially compromised websites could rise to over 142 million. Moreover, over 20% of WordPress-based websites run an outdated version.
“Even websites that run the latest version of WordPress could be vulnerable to this attack if they run outdated plugins and lack in proper security settings,” the researchers said, in an analysis. “With over 409 million people reading WordPress blogs each month, the number of potential ransomware victims could be disturbingly high. And keep in mind that the attack is not solely directed towards WordPress-based websites, so the impact could be even bigger.”
The issue underlies the fact that the need for improved browser security and additional security tools that can supplement antivirus protection has never been greater.
“Website administrators, bloggers and everyone who uses a CMS should once again understand that patching and installing the latest updates is key to ensuring basic cyber security for any type of website and platform, and that security provisions are not only essential for themselves, but for their readers as well,” Heimdal said.