Sometimes, it seems that new ways of attacking an organisation’s online security are shooting up faster than Jack’s beanstalk. Some attacks are relatively easy to defend against, while others are quite disturbing in their intricacy and powers of deception.
In our social media saturated world, one particularly worrying development has been SEO poisoning, also known as search poisoning. You may have come across it – although, we hope not. This is an attack method in which cybercriminals create malicious websites and use search engine optimisation tactics to make them show up prominently in search results. The sites are associated with terms that large numbers of people are likely to be using in searches at any given time, such as phrases related to holidays, news items, and viral videos. According to Symantec’s researchers, many search results and tweets for trending topics are linked to malicious websites. (http://www.symantec.com/connect/blogs/attempts-spread-mobile-malware-tweets ) This is a simple way to propagate malware and viruses because we often don’t doubt the integrity of search results – we simply tend to trust and click!
Attackers create websites with names and descriptions associated with popular or trending topics. For example, in the weeks leading up to Halloween, you might have come across sites offering free templates for Halloween costumes. Looking ahead, in the weeks or months leading up to Christmas, you may encounter festive recipe sites trying to tempt you with mouth-watering offerings. In reality, these sites may be devoid of any relevant content or feature content stolen from valid sites.
The real purpose, however, is to infect your PC, laptop or mobile device with malware, or fraudulently access sensitive information to be used for identity theft. Malware on the site may co-opt the visitor’s computer for a botnet or install a Trojan horse to steal login information. Another ruse is to present the user with a product they think they are buying and then access their credit card details.
To protect yourself from search poisoning attacks, security experts recommend that you keep your browser and antivirus software up to date, avoid clicking suspicious-looking links, and never provide personal information online unless you’re certain the site is valid and the transaction is secure.
It’s worth keeping in mind that even respectable websites can harbour malware, and that search engine results often contain links to infected sites.
Some software platforms are subject to known vulnerabilities, and it’s easy for hackers to scan the Internet looking for those platforms before attempting to exploit them.
Symantec SSL products scan your site daily for Malware, and sweep the same pages for vulnerabilities on a weekly basis. Taking a layered approach to security is by far the best. Protect your website! Ensure your sites are supported by website security solutions from Symantec.