Cybercriminals getting dangerously organised with black hat SEO

It's worrying how organised online criminals are becoming

This year, we've seen cybercriminals putting together sophisticated ransomware operations with the likes of staffed helpdesks to help victims pay up, and there is further evidence of high levels of organisation in terms of criminals conducting black hat SEO (search engine optimisation).

This is according to a new Hacker Intelligence Initiative report published by security firm Imperva, which found evidence of a long-term black hat SEO campaign (that started late last year) using botnets to promote dodgy websites.

Black hat SEO involves the attackers compromising target websites and then using them to pump up the Google rankings of the web pages of their paying customers (apparently these are mostly online pharmaceutical stores or malware serving sites of one kind or another).

Imperva observed that the attackers gain access to the CMS (content management system) of the compromised website and inject links pointing to their dodgy sites, giving these illicit pages more 'Google juice' and making it more likely people will see and visit them.

During the period covered by the report, the company found that in excess of 700 hosts were used by the monitored botnet to launch SQL injection and HTML link injection attacks.

Automated attacks

Amichai Shulman, co-founder and CTO of Imperva, commented: "Automatic attack tools, known as malicious bots, are deployed every second to achieve widespread attacks on websites, and more sophisticated attackers use a distributed network of bots to launch attacks.

"While it is common to see many variations on the same attack vector comprise these campaigns – such as comment spam used to improve rankings of promoted sites – it is unusual to identify a multi-faceted, long-term campaign run with coordination from the same botnet in the wild."

Obviously if your website is compromised in such a manner, your visitors will likely be less than impressed particularly if bits of your site are broken by the intrusion, as can happen – furthermore and as Imperva notes, you're likely to suffer damage to your reputation.

Not to mention the prospect that these initial forays "can test the water for more serious attacks to come", Shulman warns, and precious business data could ultimately be at risk. As ever, particularly with cybercriminals becoming increasingly more organised, it pays to keep a close eye on website security.

Via: Computer Weekly