There’s been a recent upsurge of social media and website hacking. Several government websites, financial institutions, academic websites and even businesses have been targeted. The most recent of this attacks being the Palestine campaign against Israel over the Gaza region. Some of the casualties so far include IEEE.org sub-domains, Irish government’s Freedom of Information (FOI) website and even some local institutions in Kenya.
Research from our security lab indicates that of the social media discussions about the campaign mostly originate in the Middle East, North Africa, Southeast Asia, Western Europe, and the United states. The campaign #OPIsrael intends to pull down Israeli websites and those affiliated to them or deemed as sympathizers. They intend to achieve this through DDOs attacks, database leaks, defacement and admin panel takeover among hacking activities. Their mission “Erasing Israel from Cyberspace” sounds laughable though.
The main perpetrators of these attacks are several factions spread all over the globe among them are AnonGhost and Holako. Another group called Fellaga are also known to have caused similar attacks before.
The main target of this onslaught are mostly WordPress websites. The attack vectors being vulnerable plugins and sites not running the latest versions of WordPress.
System administrators are advised to update their wordpress version and also with the help of professional security experts identify vulnerable plugins. They should also host with reputable entities who are known to enforce relevant security standards. Should also ensure their servers provide protection from shellshock/bash, heartbleed, poodle, DDOs attacks, Freak among other serve side bugs and vulnerabilities.
Other measures that will be of help include use of strong password combination for CPanel and their website logins. Measures also to protect from cross site scripting and SQL injection need to be taken.