Winter brings a number of holidays in a short period of time, and many organizations shut down or run a skeleton crew for a week or more at the end of the year and beginning of the new year. This makes it easier for would-be attackers to find success as systems are not as closely monitored.

This means that during major holidays it is not uncommon to see spikes in attack attempts.

We observed spikes in attack traffic for two of our firewall rules over the Christmas and New Year holidays, which are discussed in more detail below. The spikes in these rules look rather different when compared to each other. What they have in common is that the best defenses are proactively securing your website and keeping WordPress core, themes, and plugins updated.

Targeted Spikes: Downloads Manager Plugin

There were two spikes specifically targeting the Downloads Manager plugin by Giulio Ganci. The first spike was on December 24, 2022, with a second spike on January 4, 2023. In the 30-day reporting period, only 17 attempts to scan for readme.txt or debug.log files did not target the Downloads Manager plugin. On average, the rule that blocks these scans typically blocks an average of 7,515,876 scan attempts per day.

The first spike saw 92,546,995 scan attempts, and the second spike soared to 118,780,958 scan attempts in a single day.

Source: Holiday Attack Spikes Target Ancient Vulnerabilities and Hidden Webshells


Tags

WordPress vulnerabilities


You may also like

ChatGPT Plus Upgrade

ChatGPT Plus Upgrade
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Want even more Marketing Tools, Courses, News, and Personal Development Info?

>