Law Firms Beware: Vulnerable WordPress Sites Used as Watering Holes in Cyberattacks
Criminals are conducting watering hole attacks on law firms and business professionals using compromised legitimate WordPress blogs.
According to thehackernews, in January and February of 2023, two campaigns utilizing the malware strains GootLoader and FakeUpdates (also known as SocGholish) targeted six law firms. These attackers employ search engine optimization to lure victims to the drive-by-download site (SEO). Without the knowledge of the targeted websites' owners, the attackers published a new blog post containing a link that, when clicked, downloads malware.
It's not the first time hackers have used a WordPress site as a watering hole. Another recent example is the SolarMarker attacks of 2022. Esentire reported that attackers could easily find vulnerable websites to exploit by using "Google Dorking" tactics and searching for the source code of those sites. With these vulnerabilities, SolarMarker was able to mislead users into downloading and executing the malware on their computers under the premise of a Chrome, Firefox, or Edge update.
From 2021 to 2023, browser-based attacks have steadily been growing to compete with email as the primary infection vector.
The most recent attacks witnessed utilize SEO to funnel victims to download malware.
Vulnerable WordPress sites continue to be a target for threat actors.