Security Weekly

Increased Volume of Threats During Holidays


Oliver Sild

Patchstack

Oliver Sild is the CEO and Co-founder of Patchstack. He is an entrepreneur and cyber security expert with a strong focus on community building. He has been organising hacking competitions (& local CTF community) in Estonia since 2016, has kickstarted a startup community in his hometown and has nearly 10 years of experience with WordPress security.

Week 49

We are just a few days away from the Christmas holidays, and many people have already gone on their well-deserved vacations. When companies are understaffed and resources are allocated only to critical business operations, attackers have a window of opportunity.

In December, people are rushing to finish their remaining tasks (which can end up being a higher workload than usual) and are at the same time more distracted than at any other time of the year.

In 2022, a study by the cybersecurity training company ThriveDX found that ransomware increased by 30% during the holiday season. Fake websites (and hacked websites) are being used to steal credit card information from holiday shoppers, and delivery scams are going after personal and other financial information.

Keeping WordPress sites and customers safe during holidays

To make sure you’re not “surprised” with a gift of a hacked website or an angry customer phone call on the morning of Christmas Eve, it’s best to take some extra care of the websites you manage before heading off.

Updating the websites and making sure the WordPress core version, plugins and themes are up to date is essential. If you haven’t done so yet, getting rid of any outdated and deactivated or even abandoned plugins is also a must.
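A pre-holiday check along these lines, as an added example (not from the original article or from Patchstack): it filters WP-CLI's plugin listing for pending updates and for deactivated plugins that are still installed. The function names and sample rows are constructed for illustration, and the live `run_audit` call assumes WP-CLI is installed on the host.

```shell
#!/bin/sh
# Pre-holiday plugin audit (added example, not the article's own code).
# Expects CSV as produced by:
#   wp plugin list --fields=name,status,update,version --format=csv

audit_plugins() {
  # Reads the CSV on stdin; prints one finding per line:
  #   "<TYPE> <plugin> <installed version>"
  awk -F',' '
    NR == 1 { next }                                    # skip the header row
    $3 == "available" { print "UPDATE " $1 " " $4 }     # update pending
    $2 == "inactive"  { print "INACTIVE " $1 " " $4 }   # deactivated, still on disk
  '
}

count_findings() {
  # $1 = finding type (UPDATE or INACTIVE); reads audit output on stdin.
  grep -c "^$1 " || true
}

run_audit() {
  # Live use: $1 = path to the WordPress install. Requires WP-CLI.
  wp --path="$1" plugin list \
    --fields=name,status,update,version --format=csv | audit_plugins
}

sample_csv() {
  # Constructed sample rows, not taken from a real site.
  cat <<'EOF'
name,status,update,version
contact-form-example,active,available,5.1.0
old-slider-example,inactive,available,2.3.4
seo-example,active,none,21.0
legacy-import-example,inactive,none,0.9
EOF
}

# Demo on the constructed sample so the script runs without a WordPress site.
sample_csv | audit_plugins
```

A plugin that is both deactivated and out of date appears twice, once per finding type, which makes it the first candidate for removal.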

If you’re managing a team that has access to the sites, make sure to remind them about the increased volume of attacks so they know to be more vigilant and to avoid using their work devices when hunting down deals for Christmas presents around the web.

Stay proactive and encourage customers to do the same

Building a website and managing it for customers means you’ve taken at least some responsibility for their digital presence. However, they have their own part in this, so it’s always good to remind them to be mindful of the scams and threats that may be after their login credentials and other information.

For example, last week, Datadog released a threat research article describing the discovery of over 390,000 credentials believed to be for WordPress accounts. It’s a great time of the year to check haveibeenpwned.com, enforce a stronger password policy and make sure 2FA is used wherever possible.
