Thousands affected in the latest WordPress brute force attack, poses a challenge for cyber experts

It started of as a Web3 Crypto Malware

3 min. read

Published onMarch 7, 2024

published onMarch 7, 2024

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Cyber attacks are getting advanced in nature, and it’s becoming increasingly difficult to tackle them. In the latest developments, a new WordPress brute force attack is employing the end user’s browser to target thousands of websites.

First reported bySucuri Security, the new brute force attack is an advanced iteration of the already prevalentWeb3 Crypto Wallet Drainers, an active threat for over a month that uses drainers to steal crypto assets from compromised wallets.

According toSucuri Security, the new3Kblong script,dynamic-linx[.]com/chx.js, has been injected on over 700 websites and counting. Once a website is compromised, attackers can automatically use the visitors’s web browser to attack more, and the chain continues!

The challenge for cyber security experts here is filtering requests from real, legitimate users who were exposed to such websites.

How does the attack work?

It’s a complex multi-step process, and we have tried to break it down for you in simple terms:

For the unversed, aBrute Force Attackworks by bombarding the authentication servers with a wide array of login credentials (starting with simpler ones and then moving to complex sets) with the hope that one would work.

According toSucuri Security, the only plausible reason why threat actors moved fromWeb3 Crypto Wallet Drainersto WordPress brute force attacks is that the former couldn’t be scaled and was easy to detect. As a result, infected websites were soon blocked.

So, threat actors could be trying to infect as many websites with different unnoticeable scripts before launching an attack that’s more profitable.

Measures to prevent the attack

At present, with minimal information about the scale and intricacy of the WordPress brute force attack, having a secure password and deploying IP-based restrictions on access to critical parts of the website could help.

Brute force attacks are getting complex in nature, and protecting your website or data is becoming all the more difficult. So, it’s time you gear up and choose anadvanced website security software!

For users, a combination of an antivirus and firewall will provide the necessary web-based protection. Besides, practicing good cyber hygiene will keep you safe from similar attacks.

If you know more about the attack that could help our readers, share it in the comments section.

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Thousands affected in the latest WordPress brute force attack, poses a challenge for cyber experts#

How does the attack work?#

Measures to prevent the attack#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Thousands affected in the latest WordPress brute force attack, poses a challenge for cyber experts

How does the attack work?

Measures to prevent the attack