Php Servers And IOT Devices Face Growing Cyber-attack Risks

A sharp increase in attacks targeting PHP servers, internet of things (IoT) devices and cloud gateways has been identified by cybersecurity researchers.

The latest report by the Qualys Threat Research Unit (TRU), published today, attributes the rise to botnets such as Mirai, Gafgyt and Mozi, which are exploiting known CVEs and cloud misconfigurations to expand their reach.

With PHP powering over 73% of websites and 82% of enterprises reporting incidents linked to cloud misconfigurations, the digital attack surface continues to grow. This makes servers running PHP-based applications, such as WordPress, especially attractive to attackers seeking remote code execution (RCE) or data theft opportunities.

“Routers and IoT devices have long been targeted and compromised to form increasingly large botnets,” said James Maude, field CTO at BeyondTrust.

“Almost a decade ago, we saw the rise of the Mirai botnet, which initially abused 60 default usernames and passwords to log into and infect a huge number of devices.”

He added that while history doesn’t repeat itself, “it often rhymes when it comes to router compromise and botnets.”

Qualys highlighted several vulnerabilities currently being exploited in the wild:

CVE-2022-47945: An RCE flaw in ThinkPHP due to improper input sanitization

CVE-2021-3129: A Laravel Ignition debugging route left active in production

CVE-2017-9841: A long-standing PHPUnit flaw exposing the eval-stdin.php script

Source: InfoSecurity Magazine