WordPress, one of the most widely used content management systems globally, has fallen victim to the largest cyberattack in its history. Over 4 million websites were compromised due to a vulnerability in the "Really Simple Security" plugin (formerly known as Really Simple SSL). This flaw allowed cybercriminals to gain admin-level access to affected accounts, even those protected by two-factor authentication.
Sancho Lerena, CEO of Pandora FMS, a Spanish company specializing in IT security and management, warned: "Any data is valuable to steal, no matter how small the website is." It is estimated that 97% of security breaches on WordPress websites exploit vulnerabilities in installed plugins. In this case, the popularity of both WordPress and the affected plugin significantly increased the attack's impact.
Ironically, the Really Simple Security plugin was designed to enhance website protection by improving authentication and detecting vulnerabilities in real time. However, a flaw in its code caused the opposite effect, enabling unauthorized remote access to millions of websites. Lerena emphasized that this incident highlights the importance of taking cybersecurity seriously, even when using platforms that offer seemingly robust security tools.
Lessons to prevent mass attacks
This incident, reminiscent of the recent CrowdStrike failure on Windows that disrupted millions of businesses, underscores the need to diversify cybersecurity tools. According to Lerena, "Relying on a single 'shield' is not enough, especially when it’s so widely used. When it fails, it leaves you completely exposed." He also recommended opting for systems that adapt to the specific needs of each infrastructure and remain cost-effective.