Sometimes, it seems that new ways of attacking an organisation’s online security are shooting up faster than Jack’s beanstalk. Some are relatively easy to defend yourself against; others are quite disturbing in their intricacy and powers of deception.
In our social media saturated world, one particularly worrying development has been SEO poisoning, also known as search poisoning. You may have come across it – though, I hope not. This is an attack method in which cybercriminals create malicious websites and use search engine optimisation tactics to make them show up prominently in search results. The sites are associated with terms that large numbers of people are likely to be using in searches at any given time, such as phrases related to holidays, news items and viral videos. According to Symantec’s researchers, many search results and tweets for trending topics are linked to malicious websites. (http://www.symantec.com/connect/blogs/attempts-spread-mobile-malware-tweets ) This is a simple way to propagate malware and viruses because we often don’t doubt the veracity of search results – we simply tend to trust and click!
The attackers create websites with names and descriptions associated with popular or trending topics. For example, in the weeks leading up to Halloween, you might have come across sites offering free templates for Halloween costumes; looking ahead, in the weeks or months leading up to Christmas you may well encounter festive recipe sites, trying to tempt you with mouth-watering offerings. In reality, the sites might be devoid of any relevant content or feature content stolen from valid sites.
The real purpose, however, is to infect your PC, laptop or mobile device with malware, or fraudulently access sensitive information to be used for identity theft. Malware on the site may co-opt the visitor's computer for a botnet or install a Trojan horse to steal login information. Another ruse is to present the user with a product they think they are buying and then access their credit card details.
To protect yourself from search poisoning attacks, security experts recommend that you keep your browser and antivirus software up to date, avoid clicking suspicious-looking links and never provide personal information online, unless you're certain the site is valid and the transaction is secure.
And it’s worth keeping in mind that even respectable websites can harbour malware and that search engine results often contain links to infected sites.
Some software platforms are subject to known vulnerabilities, and it's easy for the hackers to scan the Internet looking for those platforms and then try to exploit them.
Symantec SSL products scan your site daily for Malware and on a weekly basis sweep the same pages for vulnerabilities. Taking a layered approach to security is by far the best way and ensuring your sites are supported by website security solutions from Symantec is one of the essential layers.
For more information on website security download the Symantec website security threat report