[ISN] Tactics of WordPress attackers similar to bank assaults

http://www.csoonline.com/article/731797/tactics-of-wordpress-attackers-similar-to-bank-assaults By Antone Gonsalves CSO April 16, 2013 Cybercriminals are attacking servers hosting WordPress sites in an attempt to build a potent botnet that would be eerily similar to one used last year to attack major U.S. financial institutions. The motives of the latest attackers is not known. However, their tactics resemble those used to build the infamous Brobot botnet, in which the attackers compromised PHP-based websites powered by the Joomla and WordPress content management systems. It was used to attack financial institutions including as U.S. Bancorp, JPMorgan Chase & Co., Bank of America, PNC Financial Services Group and SunTrust Banks. The similarities have some security experts worried. “I don’t think we can know exactly what the motivations for the attacks are right now, but the concern is this attack could be building something very similar and its scale is pretty significant,” said Matthew Prince, co-founder and chief executive of CloudFlare. In both attacks, the criminals used a botnet comprised of home personal computers to attack hosting servers in order to build a far more powerful network. In the latest assaults, the hackers are using a so-called “brute-force” attack, which involves trying many combinations of commonly used user names and passwords. […] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org