Researchers discover hackers using SEO to rank malicious PDFs on search engines


Today, researchers at security service edge provider Netskope published the Netskope Cloud and Threat Report: Global Cloud and Malware Trends, which found a 450% increase in phishing downloads in the last 12 months and highlighted that attackers are using search engine optimization (SEO) to rank malicious PDF files on search engines.

The report’s findings show that phishing attempts are constantly evolving, and that attackers are not just targeting employees through their email inboxes; they are also using popular search engines like Google and Bing.

For enterprises, the rise of phishing attacks and the growing popularity of SEO techniques among cybercriminals highlight the need to provide security awareness training to employees, so that they are prepared to spot these threats online and do not risk handing over sensitive information.

Phishing: a nuisance that will not go away

The report comes as security teams have consistently failed to meet the challenge of phishing attempts with traditional security tools such as secure email gateways.

Research shows that in 2021, 83% of organizations experienced email-based phishing attacks where they were tricked into clicking on a bad link, downloading malware, providing a login credential, or completing a wire transfer.

Now that hackers have turned to SEO techniques, the number of successful phishing attacks has increased and is likely to increase further, as attackers have a new medium where they can manipulate employees to hand over sensitive information beyond the protection of other security controls.

“People know they should be careful about clicking on links in emails, text messages and social media from people they don’t know. But search engines? This presents a more difficult challenge,” said Ray Canzanese, director of Netskope Threat Labs.

How does the “average user” differentiate between a “benign” search engine result and a “malicious” search engine result?

How to find malicious PDF files

When it comes to defending against these SEO-driven attacks, Canzanese highlights a number of methods that security teams can use to protect employees. The most effective approach is to use a solution that can decrypt and scan web traffic for malicious content.

At the same time, security teams should encourage users to pay attention to the links they click on and to be cautious if a link leads them to an unknown website.

If an employee clicks on a malicious PDF, they can expect to see a fake captcha at the top of the first page, followed by text on other pages. In these situations, users should close the file, delete it from the device and report it to the security team as soon as possible.

Canzanese also noted that it is important for users to report malicious URLs that appear on popular search engines, to help the provider delist them and prevent other users from being scammed.
