GATEKEEPER BLOG

Drupal vulnerability - drupalgeddon2

When CMS Software Such as Drupal is a Threat

Sometimes, insider threats are less about people maliciously attacking your network and more about the software you install. Any type of software could have vulnerabilities, including what would otherwise seem like innocuous software. Even CMS (content management system) software could pose a threat. This is exactly what happened with the latest Drupal threat. Drupal CMS introduced the vulnerability, and developers eventually patched it, but lately it has been taken advantage of by cybercriminals.

Drupal Vulnerability

Named “Drupalgeddon2” by attackers, the latest cybercriminal attack focuses on the common CMS software Drupal. The software isn’t the most common CMS on the market, but it still holds a big chunk of interest from developers and content managers who preferred Drupal over the other common CMS systems such as WordPress or Joomla. Because Drupal didn’t have the major market share, it wasn’t a common target for a lot of attackers. Being less popular has its advantages in the cybercriminal world: because you aren’t as popular, fewer scripts and strategies are made against your software. However, it also means that cybersecurity experts spend less time focusing on your code and more time with more popular code bases. It also means you will find fewer bugs. It can also mean that cybercriminals can find exploits and vulnerabilities before you do.

Drupal Exploit

This is the case with the Drupal vulnerability, which is marked as severe and is unfortunately widespread among many Drupal sites. The vulnerability allows an attacker to change or delete data stored on a Drupal site. This could be severe for any enterprise that depends on Drupal for all of its content management.

The exploit makes it easy for any outsider to inject code into a site and take over the server simply by typing a URL into a browser. The injected code gives the attacker the ability to run code for whatever service they prefer, and the result is that the attacker can gain access to any data or service that they please. This could be a devastating blow to any enterprise that relies on Drupal as its content management system and stores sensitive data from its users. This data could be harmless. But it could also be PII (personally identifiable information) if it’s obtained from any part of the Drupal site.

Cybercrime Groups Exploit Vulnerabilities

The exploit is being targeted by three main cybercrime groups, according to Ars Technica. The three groups are able to probe vulnerabilities and other issues on a Drupal-served web server and hack the site if it isn’t patched. Drupal released a patch in March 2018, but many site owners are unaware of the new patch and have failed to update their software with the critical patch.

If the attackers find that the Drupal site is vulnerable to exploits, they then target all the other possibilities. The other vulnerable targets include WordPress, WebDAV, WebLogic, Webuzo, and any other site on their list. The vector is a site that has not been patched since the vulnerability was found back in 2011. Since many site owners fail to patch their sites, this makes the attackers even more dangerous.

If the attackers are able to find vulnerabilities on these sites, then the corporation could find that several of its critical content management systems are points of a security flaw. It gives an attacker the ability to steal data and take over a web server silently. The site owner will not receive notification that an attacker is in. There are many attack vectors to defend against.

These errors come from negligence by insiders who fail to update software. To learn more about protection from insider threats, check out GateKeeper.
