The Wordfence Threat Intelligence team announced that they had noticed a significant increase in malicious login attempts targeting WordPress sites in their networks. The team announced that the attack was started on 17 November, and the number of login page attacks has doubled since it has begun.
Originating from AWS EC2 instances
Since WordPress is by far the most popular platform on the internet, it also attracts the attention of hackers. But this time, it is struggling with cyberattacks. Over a quarter of malicious login attempts originate from AWS EC2 instances.
The malicious login attempts were originated from approximately 5,000 EC2 instances
According to the announcement, over 77,000 IP addresses sent these login attempts and the majority of these attacks were originated from approximately 5,000 EC2 instances. The Wordfence team announced these IP addresses and blacklisted them to protect users.
Wordfence stated that attackers are taking advantage of AWS’ easy scalability for cloud services. These IP addresses are no longer sending out login attempts; thus, Wordfence decided to remove them from its blocklist. The Wordfence team said,
« Many site owners still reuse the same password in multiple locations, and data breaches, such as the recent GoDaddy breach, are frequently a source of compromised passwords. These compromised passwords are used by attackers to attempt to login to even more sites and services. Using this technique, attackers may guess your login correctly on the first try. We also recommend that everyone use 2-factor authentication wherever possible, as it is an incredibly effective way of protecting your site even if an attacker has your password. »