Content management systems (CMSs) heavily targeted over the last year
CMSs were heavily targeted over the last year: Almost 20% of all attacks targeted CMS platforms and every region included two to four CMSs in their top 15 targeted technologies.
Popular CMS platforms such as WordPress, Joomla!, Drupal, and noneCMS account for about 70% of CMS market share. Additionally, nearly 55% of all attacks were application-specific (33%) and web-application (22%) attacks.
Which regions and industries are most at risk?
- CMSs were common attack vectors in EMEA, with several countries including multiple CMSs in their list of most-commonly attacked technologies. In Sweden, attackers targeted a noneCMS input validation vulnerability (CVE-2018-20062) more than any other vulnerability. Joomla! and WordPress were the CMS suites most-commonly attacked in the region.
- Joomla! was the most highly targeted CMS in every country analysed in Asia Pacific.Attacks in Japan included three CMS platforms in the eight most-targeted technologies. Interestingly, Hong Kong didn’t show any CMS suites in their most-commonly attacked technologies.
- Technology experienced nearly a 70% jump in overall attack volume in the last year, led by significant jumps in both application-specific attacks and denial-of-service attacks. Application-specific attacks focused on technologies supporting the industry’s web presence, most notably CMS systems and web technologies such as Microsoft’s IIS, Joomla! and ColdFusion.
- CMS attack activity against manufacturing was notably high in the last year, specifically application-specific attacks against WordPress.
- The healthcare industry was also under fire. Of the top 20 targeted CVEs, attacks on the Drupal CMS accounted for 28% of all incidents.
- CMS attacks were prevalent in the government sector, which saw significant jumps in both reconnaissance activity and application-specific attacks. Application-specific attacks tended to focus on the same technologies as most industries – CMS suites, along with supporting tools and applications. This has been helped by an increase in internet-delivered services designed to help citizens obtain regional or local assistance.
Steps to success
Due to the high levels of attacks on CMSs, organizations should pay particular attention to application security, specifically around:
- proper configuration of the CMS services
- use of strong passwords
Recommended for you
Cybersecurity for business continuity
Find out moreRegister to receive our Monthly Threat Reports
Register hereSecurity needs to be proactive
Read moreHow we can help you
Security Consulting Services
Protect your key assets by applying your resources and controls effectively, and in the right places.
Read moreSecurity
Create, build and manage a predictive security ecosystem that protects your intelligent business.
Read more
Managed Security Services
End-to-end security infrastructure and operations management keeping your business safe and compliant.
Become secure by design