ISIS Hackers Using WordPress Vulnerabilities: FBI

According to a media release by Federal Bureau of Investigation Cyber criminals are hosting the fraudulent government websites to gain the financial and personal information from unaware web searchers. The hackers can take control of the affected system through the WordPress content management system plug-in Vulnerability.


According to the press release by the FBI " Successful exploitation of the vulnerabilities could result in an attacker gaining unauthorized access, bypassing security restrictions, injecting scripts, and stealing cookies from computer systems or network servers. An attacker could install malicious software; manipulate data; or create new accounts with full user privileges for future Web site exploitation."

 FBI fears that the ISIS Hackers are taking advantage of these WordPress Vulnerabilities and targeting websites which use WordPress as the content management system. That may include News websites, Government sites, religious institutions and other domestic and International websites.

While on the other hand there is a theory that there is no relationship between these defacement's and ISIS. Many infosec specialist believe that if you are using a content management system it doesn't matter what type of content management system you are using WordPress or any other. Your content management system should be updated always. Updating and installing all plug-ins in your content management system is the only solution for this issue.

FBI also added in another media release with the previous one that hackers are hosting fake government services websites to get the fraudulent fees and also the personal information of the people. These activities are going on from May 2012 to March  2015. The amount of fraudulent fees are not very high, but the FBI is taking this matter seriously because those hackers acquired personally identifiable information.