This article originally appeared in Infosecurity Magazine on March 25, 2019.
The Easy WP SMTP plug-in, which WordPress site owners use to configure the SMTP settings for their site server’s outgoing emails, is being leveraged by hacker groups to create backdoor admin accounts and redirect users to tech support scams. Two cybersecurity companies, NinTechNet and Defiant, have reported the attacks.
Brandon Chen, Digital Security & Operations Manager at The Media Trust:
“Thoroughly vetting plugins, ensuring they’re up to date and executing only authorized tasks, and removing them when they’re no longer needed, are all part of protecting users from identity and financial theft. Each plugin represents at least a few attack surfaces, because the code that enables the plugin to function is coming from at least one vendor, who is likely bringing in outsourced code. In short, every plugin you introduce into your digital environment introduces third parties you may or may not know—and chances are, you don’t know most of them. Moreover, developers, who are driven by short product cycles and operate on very tight budgets, too often take security for granted. Meanwhile, bad actors, who know how developers operate, are constantly on the prowl for vulnerabilities they can use to attack end-users. In order to improve your site’s defense posture, you’ll need to limit the plugins or code that run on the site, monitor the code closely for any unauthorized activities, and work closely with plugin providers on terminating activities as soon as they’re spotted.”