15 October 2020

A proven malware attack on CMS templates makes you vulnerable

Malware is taking advantage of an easy path to your machines: tampered Content Management System (CMS) templates. Backdoored templates are pushed to victims with the same social engineering that makes age-old phishing work, and the technique is still actively used to gain entry to and compromise applications built with WordPress, Drupal, Magento and other open source platforms.

A vast number of systems have been compromised to date.

The web is full of such attack vectors, and the trend shows no sign of abating, since patched problems are quickly replaced by newer and more ingenious attack routes. While there is no silver bullet, the risk of falling victim to such malware attacks can be minimised.

A few months ago I learned a very interesting and new method of injecting malware into Joomla templates. I've since discovered that this attack vector is not limited to Joomla: the same approach works against the standard templates of many other CMS platforms. It allows the attacker to gain access to the compromised server and install malicious files that can then spread and wreak further havoc throughout the application.

Attackers who use this method inject a small amount of PHP code into the CMS templates. Because a template runs every time a page is rendered, the injected code executes whenever a visitor loads the site; it then fetches further files from a remote, attacker-controlled location and writes them onto the compromised server, which is how the malware spreads. The result is that the cybercriminal can execute arbitrary code on the web server and, from there, work towards full control of the victim machine.

I have tried this on test systems that we have spun up in-house, and I can confirm that it works!

The fix

A malware infection through this method can be avoided if all stakeholders play their part. Developers must:
  1. Minimise changes to the CMS's core building blocks.
  2. Verify every download against its published checksum so that you know you are installing the genuine version, and record the hashes of installed files so later tampering can be detected.
  3. Only download code and modules, free ones especially, from trusted sources.
  4. Vigilantly check downloaded or externally-sourced code for security vulnerabilities or backdoors (contact us if you need help with this).
System administrators should:
  1. Use an Agile methodology for development and maintenance so that issues can be identified and resolved quickly.
  2. Conduct thorough automated regression testing to ensure business rules are applied correctly throughout the application.
  3. Whitelist the IP ranges allowed to reach the server and the application backend.
  4. Regularly run malware checks (contact us if you need help with this).
  5. Plan, and stick to, a disciplined and structured data backup regime so you can recover from an attack.
  6. Conduct penetration tests before every major release.
Users of the CMS can also help to assure the security of a Magento, Drupal, Joomla or WordPress application by:
  1. Never clicking or opening suspicious links, and reporting such links to their teams when found.
  2. Only accessing the application backend from trusted networks.
  3. Installing, and keeping updated, reputable anti-virus and anti-malware software on their computers.
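The two threads above, the injected PHP that fetches and drops further files, and the advice to validate installed code against known hashes and review it for backdoors, can be turned into a concrete check. The following script is an added example written for this article; it is not code from the original post or from any CMS vendor. It records a SHA-256 manifest of a template directory at install time, later reports files that were added, removed or modified, and greps the changed PHP files for constructs that legitimate theme templates rarely need but droppers and web shells rely on. The manifest format, the pattern list and the sample "theme" (including the inert dropper text) are all constructed for the demonstration.

```python
"""Integrity and content check for CMS template files (added example)."""
import hashlib
import os
import re
import tempfile

# PHP constructs that a theme template rarely needs but that injected
# droppers and web shells rely on. A hit is a lead for manual review, not
# proof of compromise. This list is the example's own assumption.
SUSPICIOUS_PATTERNS = [
    ("eval of decoded payload",
     re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(")),
    ("command execution",
     re.compile(r"\b(?:system|exec|shell_exec|passthru|proc_open)\s*\(")),
    ("file fetched from a request-supplied location",
     re.compile(r"\b(?:file_get_contents|curl_init)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)")),
    ("remote include",
     re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]https?://")),
    ("request data reaching a code sink",
     re.compile(r"\b(?:eval|assert|create_function)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)")),
]


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large assets are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, forward-slash path) to its hash."""
    manifest = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_manifest(root, trusted):
    """Compare the files now on disk against a manifest taken at install time."""
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(trusted)),
        "removed": sorted(set(trusted) - set(current)),
        "modified": sorted(p for p in current if p in trusted and current[p] != trusted[p]),
    }


def scan_php(path):
    """Return (line number, label) for each suspicious construct in a PHP file."""
    hits = []
    with open(path, "r", encoding="utf-8", errors="replace") as handle:
        for lineno, line in enumerate(handle, 1):
            for label, pattern in SUSPICIOUS_PATTERNS:
                if pattern.search(line):
                    hits.append((lineno, label))
    return hits


def demo():
    """Constructed theme: take a trusted manifest, tamper with it, then check."""
    clean_footer = "<?php wp_footer(); ?>\n</body>\n</html>\n"
    # Constructed dropper text in the style the article describes: fetch a file
    # from a URL given in the request and write it beside the template. It is
    # only written to a temp file for scanning and is never executed.
    injected = ("<?php if (isset($_GET['u'])) { $c = file_get_contents($_GET['u']);"
                " file_put_contents('inc.php', $c); } ?>\n")
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as handle:
                handle.write(text)

        write("theme/header.php", "<html><body>\n")
        write("theme/footer.php", clean_footer)
        trusted = build_manifest(root)                       # recorded at install time
        write("theme/footer.php", injected + clean_footer)   # template tampered
        write("theme/cache/.x.php", "<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n")
        report = verify_manifest(root, trusted)
        report["hits"] = {p: scan_php(os.path.join(root, p))
                          for p in report["added"] + report["modified"]}
        return report


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In practice the trusted manifest is written once, from a fresh install verified against the vendor's published checksum, and stored off the web server (attackers who can write to the template can also rewrite a manifest kept beside it). Run the comparison from cron and treat any new or modified PHP file under the template tree as an incident to investigate, whether or not the pattern scan fires; the patterns only prioritise what to look at first.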
Open source CMSs and platforms such as WordPress, Joomla, Drupal and Magento are incredibly complex, flexible and powerful applications. However, their most sought-after advantages can also become their Achilles' heel.

If you need help finding security vulnerabilities in your application, or with effective and continuous security monitoring of your CMS, speak to us to understand how we can help. Right now we're offering a free strategy session to set you on the right path to achieving your goals.
Or contact us on +61 8 8312 1287 or solutions[at]qsometech.com

