How cyber attackers use black hat SEO to gain access to information

In today’s digitally-enabled and digitally-focused culture we have become voracious consumers of online content, and the numbers keep growing - activity on the internet is setting new records every day. In addition, we are used to instant response times, rapid results and information gathered in the blink of an eye. 

About the author

Adi Bleih, Threat Intelligence Researcher, Cybersixgill.

When we are searching for information in a specific field, our immediate go-to is a top search engine like Google or Bing. When we see the search results in a list, we typically click on the first few links, assuming they are the most relevant sources. Herein lies the problem: how can we be confident that the results are trusted and appropriately ranked by search engines? And more importantly, can the results be manipulated? The answer to the latter, unfortunately, is a resounding YES.

SEO (Search Engine Optimization) has been around since the internet took off and continues to be updated on a regular basis. SEO is the process of improving a website to increase its visibility when people search for information, products or services. The better visibility a page has in search results, the more likely that link is to garner clicks – and ultimately, attract prospective and existing customers to the business.

Black hat SEO

Anyone can manipulate the SEO process by utilizing keywords and hyperlinks in online content, along with other methods, to gain a higher ranking for their business in search results. Unfortunately, threat actors also use search engine algorithms for malicious purposes. This is called “Black Hat SEO,” whereby cyber criminals use techniques to damage the reputation of a legitimate site. It is the opposite of “White Hat SEO,” which is an ethical way of improving a website’s search engine ranking by creating quality content and a good user experience.

Black Hat SEO goes against the guidelines set by search engine companies and manipulates them to gain higher rankings. Black Hat SEO tactics are highly manipulative, and when they are detected, can lead to a listing being removed completely from search results or getting a lower position in the results. 

One way Black Hat SEO tactics are used is for phishing campaigns that give cyber criminals access to sensitive information. Naturally, new phishing sites are detected by anti-virus software and different scanners and only last for a few days. Threat actors use Black Hat SEO to bump their site’s position in search engines so that they can extract the most out of their phishing attacks and “hunt” as many victims as they can in this short period of time – potentially stealing login credentials or other personal information.  

Since their shelf-life is rather short, these phishing sites have a lower likelihood of success. It’s easier for a black hat marketer to get rid of their competitors than to beef up their own reputation. Another approach that we see cyber criminals using is to alert a competitor’s customers that they were hacked when they visited the competitor’s legitimate site. Redirection links are another tactic used by malicious actors, and are one of the most common methods that exist today. This is where cybercriminals create a URL that looks legitimate, but when visitors click on it, they are redirected to a malicious site.

Threat actors

Threat actors are known to exploit legitimate techniques to their advantage, turning anything, even innocent best practices, into malicious campaigns. SEO is no different: threat actors use Black Hat SEO to improve and optimize their phishing sites, raising the site’s ranking and position in search engines and thus maximizing incoming traffic.

Black Hat SEO is a very real phenomenon in everyday internet activity. Threat actors will try to find any way they can to penetrate a user’s system to gain sensitive information, connect to a larger group of employees, and eventually cause disruption or damage.

The primary application of Black Hat SEO techniques is to evade anti-phishing mechanisms. By improving the page rank of the malicious site, attackers hope for it to slip undetected past defenses. Thus, to avoid falling victim to black hat SEO:

  • Security teams can follow white hat groups and individuals in different underground forums, where they can find interesting information.
  • Individuals across the company should carefully check any URL before clicking the link, even if it was found through Bing, Google or any other major search engine.
  • Everyone should follow anti-phishing best practices.

For the average user, this means that they need to maintain vigilance. Even a top-tier anti-phishing system might mistakenly approve of a malicious site, and therefore users must be aware of phishing - what it means, how to evaluate a potential phishing email/site, and what steps one must take in the event of a phishing attack. 

On the organizational level, security teams must block and detect malicious sites, monitor suspicious communication from unknown sites to the internal network, and ensure that the organization’s members are aware of social engineering attacks.
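The redirection-link tactic described above, and the advice to check any URL before clicking, can be partly automated in a mail or proxy filter. The following Python is an added example, not code from the original article; the finding names, the two-label domain heuristic and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit


def site(host):
    """Crude registrable domain (last two labels). Assumption for this example;
    production code should consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def embedded_host(value):
    """Host of a URL carried inside a query value, or None if there is none."""
    try:
        # parse_qsl decoded the value once; decode again to catch double encoding.
        return urlsplit(unquote(value)).hostname
    except ValueError:
        return None


def triage(url):
    """Return findings that make a link worth a second look before it is opened."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    if parts.username is not None:
        # In "https://brand.example@other.example/" the real host follows the "@".
        findings.append("userinfo-before-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        target = embedded_host(value)
        if target and site(target) != site(host):
            findings.append("offsite-redirect:" + target)
    return findings


# Constructed sample links using reserved example domains, not taken from the article.
SAMPLES = [
    "https://www.example.com/docs?page=2",
    "https://www.example.com/out?next=https%3A%2F%2Flogin.example.net%2Fsignin",
    "http://www.example.com@portal.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", triage(link) or "no findings")
```

A link with no findings is not thereby safe; the checks only surface the "looks legitimate but lands elsewhere" pattern for review or blocking.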

Ultimately, companies need to instill cybersecurity best practices across the organization and convey these guidelines to employees, partners, and customers, to make everyone aware of the risks when using search engines and educate people about ways to protect themselves.
