New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors
Researchers are warning of a new wave of cyberattacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot also called PerlBot or Shellbot.
Researchers at IBM Security’s Managed Security Services reported the activity on Wednesday and said a successful attack can open a backdoor to a vulnerable Drupal websites, giving adversaries complete control over the site. Under the NIST Common Misuse Scoring System, the Drupalgeddon 2.0 vulnerability has been given a score of 24/25, or highly critical.
The Drupal security team has known about the vulnerability since at least March, reporting under CVE-2018-7600. Upgrading older versions of Drupal 7 to 7.58 and older versions of Drupal 8 to 8.5.1 will patch the Drupalgeddon bug. Drupal is estimated to be used on 2.3 percent of all websites and web apps worldwide.