There is a new WordPress malware attack that spoofs the website into a notification from Cloudflare suggesting the site you visited is under a DDoS (Distributed Denial of Service) protection. The spoofed website then encourages visitors to click a button bypassing the DDoS protection screen. The catch though? The visitor is actually downloading malware to their device.
Impacting your small business
This attack and similar ones can impact your small business in two ways. One, you could visit what you thought was a legitimate website and download the malware. Two, you could be the website owner unknowingly infecting your visitors’ devices with malware. There is also the chance, you are both one and two!
Think before you click
Just like opening emails, when visit any website you should be on the lookout for odd or unusual behavior. Now, being redirected to a Cloudflare DDoS page isn’t necessarily odd, but asking the user to click a bypass button is. Usually the DDoS protection notification page will redirect automatically to the intended website or ask the visitor to perform a CAPTCHA before doing so. In this particular case, the DDoS notification requests you select the bypass in which you will receive a verification code via a downloaded file to your device. This should sound the alarms as being forced to download a file as the means to access a website is highly unusual.
Protecting your WordPress site
Just as you need to protect your business network and devices, you need to protect your website from compromise. WordPress is notorious for headlining articles, but that is because they are a widely used website creator. WordPress offers many free to use features and 3rd party plugins that can all have vulnerabilities. It is recommended to deploy website protection to not fall victim. You can check out on Small Business, Big Threat our list website protection and other cybersecurity solutions. It is also worth checking out WordPress’ security plugins and this article by TechRadar.
Having options is good and requires researching whichever solutions you are interested in using for protecting your own website.
For more information on protecting your small business from cybersecurity threats, like this WordPress malware attack, check out Small Business, Big Threat!