Targeting accounts with common usernames such as admin or user, the botnet launched a brute-force attack, bombarding sites with dictionary-derived password attempts and thereby gaining access to many that had been set up with trivial credentials. Once logged in, the criminals had the means to compromise the site and, in some cases, to reach other domains.
The botnet strike has once again highlighted the need to use strong passwords and not to reuse them across domains or accounts.
According to Matt Middleton-Leal of Cyber-Ark, “Common usernames and weak passwords are extremely risky online; however, the dangers are compounded if users re-use the same login credentials for other sites.”
“It’s particularly concerning that so many accounts use these generic login details, particularly if these credentials are shared amongst multiple employees for business use. Administrator accounts often have the widest access within an organisation’s network and if these accounts are compromised, hackers can effectively have the same capabilities as IT administrators with unlimited access within the business.”
“If WordPress users have been targeted in this attack,” Matt continued, “they should immediately seek to change their username and password details for their WordPress account, but also for any other accounts for which they use the same credentials.”
The risks also extend to users of the WordPress site that has been compromised, as explained by Olli-Pekka Niema, Stonesoft's vulnerability expert. He said, “A concern of this attack is that by compromising WordPress blogs attackers may be able to upload malicious content and embed this into the blog. When readers visit the blogs in question they would then be subject to attack, come under compromise and develop into botnets. The attacks against the WordPress blogs seem to be distributed, with automated attacks coming from multiple sources. This indicates that a botnet is performing these attacks. Blog writers should use strong passwords to protect their accounts and in the end, their users, to whom they have a responsibility to help protect.”
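Added example, not part of the article or of any vendor quoted in it: detection logic a site operator could run over web-server access logs to spot the pattern described above, an automated dictionary attack on wp-login.php spread across many source addresses. It assumes Apache combined-format log lines, and that a failed WordPress login POST is answered with a 200 (the form is re-rendered) while a successful one returns a 302 redirect; the log lines themselves are constructed.

```python
import re
from collections import defaultdict

# Constructed Apache combined-format lines (not real traffic). Assumption:
# failed wp-login.php POST -> 200, successful POST -> 302 redirect.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.8 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Apr/2013:10:00:06 +0000] "GET /2013/04/post/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2013:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Apr/2013:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse(log_text):
    """Yield one dict per parseable combined-format line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def analyse(log_text, per_ip_threshold=3, distinct_ip_threshold=4):
    """Summarise login POSTs: noisy single sources, distributed guessing,
    and successes that followed repeated failures from the same address."""
    failed_by_ip = defaultdict(int)
    success_ips = set()
    for ev in parse(log_text):
        if ev["method"] != "POST" or not ev["path"].startswith("/wp-login.php"):
            continue
        if ev["status"] == "200":
            failed_by_ip[ev["ip"]] += 1
        elif ev["status"] == "302":
            success_ips.add(ev["ip"])
    noisy_ips = sorted(ip for ip, n in failed_by_ip.items() if n >= per_ip_threshold)
    # Many distinct sources each failing a few times is the botnet signature
    # described in the article: no single IP trips a per-IP lockout.
    distributed = len(failed_by_ip) >= distinct_ip_threshold
    suspicious_success = sorted(ip for ip in success_ips if failed_by_ip.get(ip, 0) >= 2)
    return {"noisy_ips": noisy_ips, "failed_sources": len(failed_by_ip),
            "distributed": distributed, "suspicious_success": suspicious_success}
```

Per-IP thresholds alone miss the distributed case, which is why the aggregate count of distinct failing sources is reported alongside them.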