If you were told that the likelihood of your website getting hacked was at a critical level, you would rarely find any sense in it. Even your vendor would exude the same or a higher level of misplaced confidence. This is precisely the strange predicament we are in. Cyber insecurity has certainly become unmanageable, and no one is bothered about it. For precisely these reasons, the latest attack on WordPress is not making headlines the world over.
WordPress is by far the most popular content management system on the Internet: it single-handedly runs 43% of all websites. That makes the latest attack on WordPress by a new threat actor all the more concerning. According to GTIG, a new threat actor codenamed UNC5142 has been successfully hacking into WordPress sites. The hacker group has used a brand new technique to spread malware across the web.
According to the report, the hacker group would find vulnerable WordPress websites, often ones using flawed WordPress themes, plugins, or databases. The next step was to infect the targeted websites with CLEARSHOT, a multistage JavaScript downloader that distributes the malware. Then came the deployment of a new technique dubbed ‘EtherHiding,’ enabled by CLEARSHOT. EtherHiding is described as “a technique used to obscure malicious code or data by placing it on a public blockchain, such as the BNB Smart Chain.”
Innovation in cyber security is moving at breakneck speed, yet it still cannot keep up with the hackers defining this game. The method of using a blockchain to spread malicious code is unique. What it essentially does is make stopping the spread of malware all the more difficult. The smart contract containing the code would call up a CLEARSHOT landing page, hosted on a Cloudflare dev page, which utilizes a ClickFix social engineering tactic. The website visitor is thus tricked into running malicious commands on their computer via the Windows Run dialog or the Mac’s Terminal app. This group is often financially motivated.
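For site owners, a first check for this kind of injection, as an added example that is not from the GTIG report or this article's source: a Python scan of a page's inline scripts for code that both reads from a blockchain RPC and executes a decoded string. The token patterns, function names and sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic signals chosen for this example (assumptions, not indicators from
# the report): a blockchain read combined with string-to-code execution.
CHAIN_RPC = re.compile(r"eth_call|JsonRpcProvider|new\s+Web3\s*\(")
DYNAMIC_EXEC = re.compile(r"\beval\s*\(|new\s+Function\s*\(|\batob\s*\(")
CONTRACT_ADDR = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

class InlineScripts(HTMLParser):
    """Collect (start_line, source) for every inline <script> block."""
    def __init__(self):
        super().__init__()
        self.scripts, self._buf, self._line = [], None, 0

    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self._buf, self._line = [], self.getpos()[0]

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append((self._line, "".join(self._buf)))
            self._buf = None

def scan_page(html):
    """Return findings for inline scripts that read a chain and run the result."""
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    findings = []
    for line, src in parser.scripts:
        if CHAIN_RPC.search(src) and DYNAMIC_EXEC.search(src):
            contracts = sorted(set(CONTRACT_ADDR.findall(src)))
            findings.append({"line": line, "contracts": contracts})
    return findings

# Constructed sample page: one ordinary script and one inert stand-in that only
# carries the tokens an injected loader would contain (placeholder address).
SAMPLE = """<html><head>
<script>window.dataLayer = window.dataLayer || [];</script>
<script>
var req = {method: "eth_call", params: [{to: "0x0000000000000000000000000000000000000000"}]};
eval(atob(PLACEHOLDER_RESULT));
</script></head><body>Hello</body></html>"""

if __name__ == "__main__":
    for f in scan_page(SAMPLE):
        print(f"line {f['line']}: chain read + dynamic exec, {f['contracts']}")
```

A hit is a lead for manual review of the theme, plugin or database content that emitted the script, not proof of compromise; sites that legitimately embed wallet or Web3 code will also match.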
WE ARE AT THE PRECIPICE OF A CYBER SECURITY CRISIS.
