WordPress Advisory: Critical vulnerability found in NextGen Gallery plugin. Cross-site request forgery and potential remote code execution will lead to more than tears. Over 800k installs out there and 530k still need to patch.
Let this serve as more than just a cautionary tale, because next time the consequences could be deadly. An unknown attacker gained remote access and tried to increase the quantity of sodium hydroxide, or lye, in the water treatment plant. Apparently the specialized ICS and SCADA systems running the plant were “outdated, unpatched and available for review on the internet, leaving them incredibly vulnerable to compromise.”
ICS and SCADA systems were not designed to be internet-facing, so when facilities using them are put online, the necessary security, monitoring and controls are not in place. It’s easy for attackers to scan for and find exposed instances, a problem made worse by the need for remote work.
Attacks on critical infrastructure have increased over the past year, either as crimes of opportunity by low-level attackers or as highly targeted attacks by nation states, such as Iran’s attack on Israeli water systems in 2020.