How Attackers Exploit Search Engines to Spread Malware
When it comes to what’s considered hot and what’s not on the internet, Google is a tastemaker almost without equal. With its mission of making the world’s information useful and universally accessible, Google’s search algorithms determine which websites and news articles are ranked highly and which are forgotten. Only one quarter of Google users ever move beyond the first page of results, and a fraction of that number proceed further to pages three, four, five, and so on.
Websites therefore do everything they can to stay on the good side of Google, and make whatever changes they believe will get them preferential ranking. This is the world of Search Engine Optimization (SEO), a process designed to improve the quantity and quality of traffic sent to a particular website or web page from the likes of Google. SEO is an art, which is why experts in the subject are frequently sought after to help websites gain more traffic. After all, more traffic equals more visitors which, in turn, translates into more revenue — either through advertising or, in the case of ecommerce, through sales.
Unfortunately, it’s not just the good folks who are finding ways to harness SEO to their advantage. Bad actors have also found ways of tapping into the power of optimized searches, and are using it to inflict damage. In doing so, they represent a major challenge to those without the right cyber security platform to help them.
How attackers abuse SEO
Poisoned search results is one recent way that attackers have found to hurt users through malware: software that’s designed to perform acts like encrypting valuable files, stealing data, causing damage, or even spying on users.
There are various methods that attackers can use to increase their ranking in search engines, moving them up the list of search results so that they are more likely to receive user clicks. The oldest way to do this was to flood web pages with keywords that would thereby increase their ranking, since search engines index according to which sites they think are most likely to be relevant — and a website that includes a high density of keywords may appear (to an algorithm, at least) to be more useful to readers. However, search engines have largely closed this loophole, thereby cutting down on an exploit that could be used by attackers.
An alternative approach involves the use of cloaking techniques that can show different web content to users than are seen by the search engine spiders, the bots harnessed by search engines to index website contents on the internet in order that they appear in the results shown by search engines. Cloaking is a form of “bait and switch” similar to invisible text, which can be used to abuse the way that ranking algorithms ordinarily function.
Yet another approach involves creating layers of websites, which then all link to one another as a way of causing search engines to rank them more highly. This works because the number of incoming links to a website is one of the many ways search engines determine importance. In fact, this was the basis for PageRank, the trillion dollar algorithm that first launched Google, based on the insight that a web page that large numbers of people linked to was probably considered more valuable than ones that had fewer links. It takes as its basis the idea that links are akin to endorsements, much the same way that retweets on Twitter suggest a particular sentiment is widely shared.
Once a website is ranked highly, attackers can then use it to distribute malware able to perform actions such as scanning systems for possible vulnerabilities, carrying out ransomware attacks, exfiltrating data, and more.
Defending against cyber attacks
There is, unfortunately, no simple way to safeguard against any and all cyber attacks. Organizations should make sure that they build a cyber security strategy that’s comprehensive enough that it can help guard against myriad attacks. That means understanding which assets must be protected, the compliance requirements involved, and the ever-expanding number of ways that attackers try and target assets that they are interested in.
One game-changer in this area is ensuring that the right cyber security tools are being deployed to help protect against risk. Several examples of valuable tools include advanced bot protections, Runtime Application Self-Protection (RASP), Data Loss Prevention (DLP) systems, and more. While users should make every effort not to click on questionable links and download possible malware, in some cases this is easier said than done.
Cyber attacks are getting more sophisticated all the time. They are getting better and better at exploiting human error by finding new angles by which to do this. Staying on top of this is a full-time job in itself: one that most people simply don’t have time for. However, by using best practices when it comes to online safety, and using the right cyber security preventative measures, individuals need not worry when they use the internet.