This week over 162,000 legitimate WordPress sites were used by hackers to launch a huge distributed denial of service (DDoS) attack against another popular website.
Security researchers from Sucuri confirmed earlier this week that hundreds of thousands of totally harmless sites were harnessed to mount the attack using a flaw in the WordPress system. Although the security firm would not confirm who the target of this attack was, it has been stated that the victim was a “popular WordPress site” which went down for a number of hours.
While the attack launched against this unnamed WordPress site was small in comparison to the recent siege against Namecheap, it still succeeded in crashing servers and causing downtime. According to Sucuri’s chief technology officer Daniel Cid, the attack is remarkable because it may have come from a single hacker working alone. In a blog post on the attack, Cid expanded on why this lone hacker’s technique could be dangerous in the future.
“One attacker can use thousands of popular and clean WordPress sites to perform their DDoS attack, while being hidden in the shadows.”