Who Runs Outdated WordPress and Drupal Versions? Corporations!


If you’re running an outdated version of WordPress, Drupal or some other CMS, you are at high risk of being hacked. What is worse, Mossack Fonseca, the law firm associated with the Panama Papers breach, has already become a victim in such a scenario. Other big companies are also prone to hacking, as revealed by research conducted by US security vendor RiskIQ.

The firm decided to examine the situation at well-known companies running CMS platforms, via the FTSE-30. This is how they established who uses WordPress and Drupal, and who uses outdated versions of those platforms.

Outdated WordPress and Drupal Versions Favored by Attackers

CMS vulnerabilities are a common denominator of many of the successful attacks we read about. With the ubiquitous nature of CMSs in driving the web experience, potential risks lurk for virtually all organizations. According to W3 Techs’ Web Technology Surveys, 65 percent of all websites using a CMS use WordPress or Drupal, which use open-source code that’s available to all—including malicious actors looking for exposures to exploit. The size of the WordPress and Drupal communities compounds the problem, as almost every vulnerability is found and publicized, many of which threat actors exploit before the good guys can patch them.

Who Has Been Analyzed by RiskIQ?

According to Softpedia, their investigation includes corporations such as British American Tobacco, BP, British Gas, Vodafone, BAE Systems, Royal Bank of Scotland and GlaxoSmithKline. The total number of big-company websites hosted on either WordPress or Drupal is 1609. Researchers were able to verify the CMS version of 773 of these websites, 307 of which were running outdated WordPress and Drupal versions with known vulnerabilities (CVEs).

The results of RiskIQ’s research prove that companies have not learnt their lesson, which means that the Mossack Fonseca data incident will not be the last one. Attackers have long preferred to craft their attacks via vulnerable CMS websites. Running an outdated version of WordPress or Drupal literally invites criminals into your backyard. Even if attackers cannot gain full access to a targeted company’s entire network, they could still use the vulnerable CMS for future attacks or reconnaissance campaigns.

WordPress- and Drupal-related malware attacks that have taken place in the recent past:

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
