AWS Attacks Targeting WordPress Increase 5X

Wordfence

The Wordfence Threat Intelligence team has been tracking a huge increase in malicious login attempts against WordPress sites in our network. Since November 17, 2021, the number of attacks targeting login pages has doubled.

We’ve seen a global increase in attacks against WordPress sites during the past week, and more than a quarter of all of the malicious login attempts we’re tracking are now originating from AWS EC2 instances, as shown in the chart below:

More than 77,000 IP addresses in this IP space have sent out malicious login attempts since November 17, 2021, but the vast majority of attacks are originating from roughly 5,000 EC2 instances.

Most of these IP addresses have only started attacking enough sites to be added to our blocklist in the last week.

The following 40 IP addresses, however, have been on the Wordfence blocklist since the end of 2020 and have each sent out over 1 million malicious login attempts since November 17, 2021:


Read More: https://www.wordfence.com/blog/2021/11/aws-attacks-targeting-wordpress-increase-5x/