Many websites lack a proper backup policy, which can result in the loss of information. Sometimes, to avoid this loss, they prefer to delete the note without checking if the attacker has left any hidden access in the system.
In the context of recent attacks on government sites, a hacker known as aDriv4 has been offering a set of malicious tools in messaging groups, highlighting a bot called 'New Bot Private aDriv4 v1 WordPress'. This bot has features that could facilitate access to thousands of vulnerable sites, allowing for brute-force attacks to obtain passwords and the uploading of malicious files to compromised servers.
The hacker offers these tools for 80 dollars, limiting the sale to only 10 buyers to avoid being detected. The offer of zero-day vulnerabilities on WordPress-based sites suggests that more government portals could be at risk, which should be a cause for concern.
aDriv4, according to Zone-H records, has carried out more than 1,400 attacks worldwide, including 504 from a single IP address and 908 mass attacks. Recently, at least three government sites in Mexico, including those in San Andrés Tuxtla (Veracruz), Puerto Morelos (Quintana Roo), and Pinos (Zacatecas), have been compromised, showing signs of a type of attack known as defacement where the content was altered.
Cybersecurity specialists like Víctor Ruiz and Nicolás Azuara warn about the severity of these attacks. Ruiz highlights that these visual attacks are a warning about critical vulnerabilities, while Azuara emphasizes that defacement not only involves a visual alteration but can open the door to cybercrimes such as information theft or the insertion of malware.
These defacement attacks could be just the beginning of more serious attacks, allowing for database theft, malware dissemination, misinformation, and manipulation, which underscores the importance of strengthening cybersecurity in Mexican government sites. Despite the lack of an official statement from Mexican authorities regarding this matter, cybersecurity experts continue to analyze the impact and the possible expansion of this situation to more government sites.
