Mossack Fonseca Breach

Mossack Fonseca Breach – WordPress Revolution Slider Plugin Possible Cause

Update: We have written a follow-up post on how an attacker may have moved laterally on the networkfrom WordPress into the email server.

Mossack Fonseca (MF), the Panamanian law firm at the center of the so called Panama Papers Breach may have been breached via a vulnerable version of Revolution Slider. The data breach has so far brought down the Prime Minister of Iceland and surrounded Russian President Putin and British Prime Minister David Cameron with controversy, among other famous public figures. It is the largest data breach to journalists in history, weighing in at 2.6 terabytes and 11.5 million documents.

Forbes have reported that MF was giving their customers access to data via a web portal running a vulnerable version of Drupal. We performed an analysis on the MF website and have noted the following:

The MF website runs WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server. 

Panama Papers: Email Hackable via WordPress, Docs Hackable via Drupal

The MF client portal that provides clients access to data was running (and continues to run) a version of Drupal that has over 23 vulnerabilities. This version was responsible for “Drupageddon“, a mass hacking of Drupal sites. This link to mossfon.com’s drupal changelog shows they are still running an old vulnerable version of Drupal.

Advertisements

About Educational CyberPlayGround, Inc.®

Educational CyberPlayGround, Inc. strives to help Teachers, Parents, and Policy Makers Learn about: Music, Teaching, Internet, Technology, Literacy, Arts and Linguistics in the K12 classroom.
This entry was posted in NetHappenings. Bookmark the permalink.