Cybersecurity (opens in new tab) researchers have noticed an increase in attacks against WordPress (opens in new tab) websites, with more than a quarter originating from EC2 cloud computing (opens in new tab) instances of Amazon Web Services (AWS (opens in new tab)).
Wordpress security (opens in new tab) experts Wordfence (opens in new tab) share that of 77,000 IP addresses that have sent out malicious login attempts on WordPress installations, about 5,000 have come from EC2 instances (opens in new tab).
Interestingly, Wordfence's QA engineer and threat analyst Ram Gall notes most of the IP addresses used by the attackers only started exhibiting malicious behaviour last week, post which they’ve been added to their blocklist.
“While AWS makes it easy for businesses to move to the cloud, attackers are also utilizing the scale provided by cloud services, including AWS, in increasing numbers,” shares (opens in new tab) Gall.
Mercenary IPs
Gall shareed a list of 40 IP addresses that have each made over one million malicious login attempts since November 17, 2021. Surprisingly, these IPs have been on Wordfence’s blocklist for almost a year now.
Gall believes the persistence of these IPs is perhaps indicative of the fact that attackers have paid for them. Banking on this assumption he asserts that it’s high time that websites ensure they have the right mitigations in place “since it has never been easier to inexpensively attack millions of sites at once.”
He points to breaches such as the recent GoDaddy attack (opens in new tab), which give attackers hordes of compromised passwords that they then employ to attempt to login to even more sites and services. Thanks to the habit of reusing passwords, credentials gleaned from breaches enables attackers to break into more websites, sometimes on the very first attempt.
In addition to adopting sensible password practices, Gall also recommends users to switch to two-factor authentication (2FA (opens in new tab)), which he says is an “incredibly effective” method of protecting websites even if the attacker has access to your login credentials.
Protect your computers with the help of the best endpoint protection tools (opens in new tab) and use these best security keys (opens in new tab) to add another layer to safeguard your accounts