Cybercriminals Are Tricking Search Engines and Running Scams on Social Lately
November 02, 2021
2 min 20 sec read
You know the saying, "crime doesn't pay." Well, cybercriminals these days seem to think otherwise.
According to the Menlo Security team, ransomware gangs have recently used SEO poisoning tactics to infect website visitors
with malware on their PCs. Before we get into the "whodunnit" to learn who's behind these attacks, let's find out what "search poisoning" is.
Basically, it's an attack that uses "black hat" SEO techniques to optimize websites to rank higher on Google search results by injecting thousands of keywords that cover unique search terms. Sometimes they'll create a fake yet convincing site to lure their victims using the same methods.
You'll think the site's legit since it's on the first page of Google. What these bad actors do is usually target a website's downloadables like PDFs, for example. Typically they'll infect things like guides, ebooks, and reports because they're more likely to be downloaded and trusted.
Once you download it, you'll be redirected through many sites until they auto-upload their malicious software onto your computer. That's how cybercriminals can get access to your information and computer. They could steal your identity, banking passwords, credit card details, or freeze your computer and data until you pay their ransom to get access again.
Now the Menlo Security team linked either the REvil or Gootkit gang responsible for these attacks, and other bad actors may have used the SolarMarker .NET backdoor malware to get access into computers.
Whether they're in a gang or not, these cybercriminals target one of the most vulnerable and widely used content management systems on the market: WordPress.
Menlo's team noticed WordPress sites were usually the victims of SEO poisoning attacks. They even saw educational and .gov sites falling prey to it too. So how did these attackers infect these sites?
Once again, give it up for plugins!
Attackers infiltrated the WordPress' Formidable Forms plugin. They infected the directory location that would serve PDFs back to you once you complete the form.
Another plugin affected by SEO poisonings was the HashThemes Demo Importer. This plugin has over 8000 installs and lets you demo websites as if they were live.
But the plugin had poor user permissions checkpoints. However, there was a vulnerability that allowed cybercriminals to pose as authenticated users and have website access. They could completely reset a site, delete database content, and upload malicious media if they wanted to undetected.
What makes WordPress popular is its drag and drop editor and the ability for you to stockpile and install plugins to achieve whatever your site needs for your business. That's great and all, but look what happens every few months.
WordPress always makes the headlines for security risks, especially their plugins, since they allow 3rd-party software integrations to their platform. And the reality is that 3rd-party plugin developers should be held responsible for maintaining their code.
They are responsible for ensuring their plugins are secure and functioning and testing how their code interacts with other developers' plugins that run on top of theirs. If these plugins aren't maintained frequently, cybercriminals can delete websites for the "L-O-Ls" of it or seriously ruin people's lives by stealing their data.
That's why website owners with WebFindYou have another reason to just sit back and relax and not worry about cyberattacks.
You're working in an integrated environment that doesn't rely on 3rd-party plugins because everything you need has been strategically programmed from scratch since day one.
It's just one less thing to worry about when you're using WebFindYou's All-in-One Digital Marketing Technology.
Want to read this in Spanish? Spanish Version >>