Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has commented:
“Technical details of the breach still remain obscure and it would be premature to make any conclusions at this point in time.
Today, all cryptocurrency-related businesses should be well prepared to defend against constant and sophisticated cyber attacks. In reality, however, virtually all of them underestimate or ignore digital risks and allocate scant resources for cybersecurity. Most have to compete on a very aggressive and turbulent market and thus are reducing their costs by all available means. Software development suffers most tremendously as cheap outsourced code cannot be secure by definition.
To bring certainty to the cryptocurrency markets, clear regulatory standards are required, such as PCI and PA DSS. Even if they are not a silver bullet, they greatly reduce both the number and average volume of credit card theft.”
The new WordPress 5.2 build has shipped with new defense measures against possible supply-chain attacks.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, has commented on the news:
“This is undoubtedly a robust security enhancement of WordPress plugin management. However, it does not protect against many popular attack vectors involving third-party plugins. For example, a compromise of a plugin developer’s machine will likely allow the push of malicious but signed updates of a purely legitimate appearance. This may create a disastrous situation where victims blindly trust malicious updates.
Worse, authors of some popular plugins will probably readily sell their projects for an amount ten times lower than a well-organized cybercrime group may generate in profits backdooring the plugin. Last, but not least, the vast majority of WordPress plugins today contain numerous, often high-risk, security vulnerabilities enabling the attackers to breach and backdoor virtually all WordPress installations with the plugin without any further complexities.”