Posted on May 10, 2022 at 7:17 PM
Hackers Are Now Ranking Malicious PDFs On Search Engines, Researchers Warn
Cybersecurity researchers at security service edge provider Netscope recently published a global threat report that shows that hackers are ranking malicious PDFs on search engines. The report revealed that the hackers are using various SEO techniques to send malicious PDF files to the top page of Google and other search engines. The report also shows that phishing downloads surged 450% over the past 12 months.
It also explained that phishing attempts by threat actors are always evolving as they seek new ways to deceive their targets and plant malware on their devices.
Additionally, the threat actors are not only targeting employees via their email addresses, as they are now using popular search engines to get to their targets. The attackers are increasingly using search engines because the users are more likely to follow their commands if they are approached via popular search engines like Google and Bing.
More Hackers Now Use SEO Techniques For Phishing Attacks
The growing popularity of SEO techniques and the increase in phishing attacks makes it more dangerous for enterprises. It also shows the need to train employees and provide them with the necessary security awareness they require. In most cases, the threat actors pass through the workers to get into the security systems of the organizations. As a result, employee training on security has become more important than ever before, according to the researchers.
This is necessary to get the workers prepared to identify online threats and prevent the risk of handing over sensitive information.
The Increasing Menace Of Phishing Attacks
The report is coming at a period phishing attacks are fast becoming the major issues most organizations doing business online are facing.
Security teams have always failed to address the issue of phishing attacks using traditional security tools like secure email gateways.
Researchers at Proofpoint, during a survey in 2021, showed that 83% of organizations and businesses experience email-based phishing attacks. In most cases, they were deceived into completing a wire transfer, providing login credentials, downloading malware, or clicking on a malicious link.
And as threat actors are now interested in using SEO techniques to aid their phishing attacks, the number of exposed employees could be more.
There is a potential for these numbers to multiply in the future if security protocols against phishing attacks do not improve. The threat actors are now using a new method where they can easily deceive their targets and make them hand over their login credentials outside the protection of other security protocols. It means that email protocols will be useless if the attackers start using search engines to get their targets.
A Change In Strategy By Threat Actors
A lot of security protocols have been taken by employees and organizations. Now many workers know they are not supposed to click links from social media, text messages, and emails from people they don’t know. The attackers are not having enough joy with this type of approach as more people are now aware of the danger and risk.
They are now turning their attention to search engines, which presents a much harder challenge for the users, according to Ray Canzanese, Director of Netskope Threat Labs.
Since search engines are perceived to have resulted from genuine pages, it will be very difficult for the average user to differentiate between a genuine search engine result and a “malicious” one. Researchers have advised enterprises to provide a web filtering solution to tackle this new problem.
The SEO-Driven Attacks Can Be Handled
Canzanese highlighted that there are several methods organizations can use to defend against these SEO-driven attacks. One of the best solutions is to utilize a tool that can decrypt and scan web page traffic for malicious content. Apart from that, he says security teams should advise users to scrutinize all links they click on and be very cautious if the link takes them to a website there are not familiar with.
Even if the employee eventually clicks on a malicious PDF, they can always look at the fake captcha at the top of the page before the text on other pages. Users that encounter such situations should close the file immediately and delete it from the device.
They should also report the experience to the security team to enable them to deal with the situation on time. Users are also advised to report any malicious URL they see on popular search engines to enable security teams to deal with the situation before other users can become victims.