The Drupal Security Team has advised of a critical vulnerability in its Drupal 7 software, for which it issued a patch on the 15th of October 2014. If your website has not been patched their advice is to assume your site has been compromised.
Hackers began automatically attacking unpatched versions within hours of the issued advisory.
If you or your business has a website using the Drupal 7 CMS, you should take immediate action to apply the patch and then evaluate further mitigation options. This could include restoring or rebuilding the site, forensic investigation, notification of the incident to associated parties and users, and other actions which will depend on your site and its function.
You may not know your site has been compromised. It is possible for the attackers to create ‘backdoors’ or access points on your system, which can later be used to gain access to your site and data, after the patch has been applied—without your knowledge.
For more information on this breach take a look at FAQ on SA-COR-2015-005
If you would like your site reviewed, patched or audited feel free to contact us. We have assisted several organisations already in this situation and are happy to discuss the next steps with you.