Joomla CMS exploit attacks begin again only four hours after patch

12,000 attacks against insecure Joomla content management systems in 24-hours

Content management system company Joomla has been fighting to keep up with the speed of the criminal fraternity, as attackers began exploiting a flaw in its widely used CMS - by around 2.8 million customers - only four hours after an update and technical overview were released to address it.

This meant that customers had only that four-hour window before attacks against companies running Joomla commenced.

The critical vulnerability became widely-known last week when Joomla released version 3.4.5 of the software, which patched a SQL injection vulnerability that has been possible since version 3.2 - available since November 2013.

The vulnerability exists in a core module of Joomla, requiring no extensions and meaning that every single website using version 3.2 and above - which has not applied the patch - is vulnerable.

Knowing this, hackers got on the case at speed, and less than four hours after the version 3.4.5 patch appeared, several customers had already been attacked. Within 24 hours, security firm Sucuri had already recorded 12,000 exploitation attempts against Joomla-based content management systems.

It didn't help that the patch release and technical documentation came along on late Thursday afternoon in the US - the evening in Europe - when many IT departments were not working.

It remains to be seen whether the Joomla example stands not just as encouragement for IT to initiate patches and other changes faster than ever, but also for vendors to start considering more subtle ways of publicising vulnerabilities.

If this particular exploit was already primed for two years, it was only Joomla drawing attention to it that made so many opportunists pile on for the attack.