According to ZDNet, ‘the very top of the site appears to be injected text with keywords, typically used to garner greater search engine hits, including keywords like “casino”, “blackjack”, and “roulette.” Some new pages have been injected to show content that embeds content from other casino-related websites.’
Digital Constitution’s code suggests the site was running WordPress 4.0.5. The most up-to-date version is 4.2.2. Microsoft has now cleaned up the page and no casino content remains. No one has claimed responsibility for the attack.
WordPress vulnerabilities abound: according to Trustwave’s 2015 Global Security Report, WordPress ‘pingback’ DDoS (distributed denial-of-service) attacks accounted for 30% of opportunistic attacks. The same report found that 98% of tested web applications were also found to be vulnerable.
It’s important to keep your software updated, just as it is to install patches whenever they are released. Vulnerabilities common to off-the-shelf software, CMS platforms, applications and plugins are being discovered – and exploited – all the time by opportunistic criminal hackers who use automated scans to identify targets.
Making sure you close security gaps and fix vulnerabilities as soon as they are known is essential to keeping your networks secure and your corporate information safe.