Content Management Systems Under Attack
Gaining access to underlying website infrastructures is as easy as targeting vulnerabilities and configuration errors in popular content management systems, such as WordPress and Joomla, Cisco said. Attackers also have been observed using automated tools to conduct brute-force attacks to force their way into the administrative console behind the platforms.
Drupal, an open-source CMS, which is growing in popularity, was targeted by attackers last year. Users of Drupal.org were forced to reset their account credentials following a breach of the support website. Successful attacks also target vulnerabilities in third-party plugins supported by the platforms. Cisco researchers said "successful attacks in 2013 can be traced back to plugins written in the PHP web-scripting language that were designed poorly and without security in mind."