Delaware, USA – December 21, 2017 – This Monday, Wordfence company reported on the start of massive brute force campaign against WordPress websites. There are more than 10,000 IPs from different countries involved in this attack. Employees of security firm recorded splashes exceeding 14 million attempts of password guessing per hour that targeted approximately 200,000 servers. Adversaries do not use stolen or bought in Darknet credentials: this attack is performed using common passwords lists. While getting access to an attacked website, they either add it to the botnet to enhance their brute force campaign or install Monero cryptocurrency miner on it. The number of compromised websites is currently not established, but it is known that the attackers have already managed to get more than $ 100,000 in Monero.
About 30% of all websites in the world is now running on WordPress, and this is not the first cyberattack on sites in which adversaries compromise servers to install cryptocurrency miners on them. To detect the beginning of a brute force attack and have time to take action, you can use Brute Force Detection from Use Case Cloud. An advanced version of this SIEM use case will warn you even about the slow brute force attacks performed against your website. You can also get Web Application Security Framework, which will notify you not only about passwords guessing but also of any other suspicious activity.