Drupal Again the Target of Hackers, with Over 400 Sites Infected

Websites around the globe are being hacked and turned into sources of energy and computing power for the criminals behind the attacks, independent internet security researchers announced on Monday. Over 400 websites from the United States, Germany, France, Canada, and Russia were targeted. The United States was the largest target, with 123 hacked sites, 100 more than any other country.

The hackers found a diagnostic vulnerability in Drupal, an open source program and one of the most popular content management systems (CMS), and used it to attack websites belonging to universities, financial institutions, e-retailers, and even governments. Over one million active websites use Drupal's CMS.

The vulnerability is dubbed ‘Drupalgeddon 2’, and the number of infected sites grew from 348 over the weekend to over 400 on Monday, despite infected websites being notified and securing their sites with the new security patches.

Tony Mursch, an independent security researcher, posted on his blog over the weekend:

We’ve seen plenty [of] examples of Drupalgeddon 2 being exploited in the past few weeks. This is yet another case of miscreants compromising outdated and vulnerable Drupal installations on a large scale. If you’re a website operator using Drupal’s content management system, you need to update to the latest available version ASAP.

Back in March, when first notified of the problem, Drupal immediately dispatched a security patch. The problem is that not everyone installed it. As the vulnerability became more widely known in the hacking community, programs were created to scan the Internet for accessible websites. Over the last three weeks, the attacks have grown larger.

Equally disturbing is Drupal’s warning that a new ‘code-execution vulnerability’ is making the rounds. Even though this one is specific to each individual system (making it harder to spread at the pace of the current one), it remains a problem that has to be dealt with.

In late 2017, cryptojacking became the new hack: underground programmers install scripts on unprotected websites, which then run their program on the computers of unsuspecting users. The program draws processing power from the computer (this is known as ‘mining’) to help generate Monero, one of the most popular cryptocurrencies.

Most computer users don’t even notice the small amount of power being drawn, but combined across many computers it adds up to money for the hackers.

Drupal has gone through this before. In 2014, with what was called the original ‘Drupalgeddon’, websites were alerted, patches were installed, and things went back to normal.

We continue to see web design unable to keep up with the underhanded maneuvering of hackers, and when customers are slow to download new security patches, it makes things that much easier for the bad guys. As we become more and more reliant on these programs to run our lives, the value that can be obtained by hacking them becomes greater.

Security researchers will have to remain vigilant and stay as much in tune with hackers as they can, since no software is perfect and someone will always be trying to find a way to manipulate it.