INTRODUCTION:
Let’s consider two scenarios:
- You’re far away from home for work and feel homesick. What would you do? You’d book a travel ticket and eagerly wait for the day of the journey. What if, at that moment, you saw a website offering travel tickets at 50% off? Wouldn’t you check it out?
- You badly need money, and suddenly a random message appears on your mobile, something like “enter your bank details and we’ll deposit 20,000 rupees as a Diwali gift”. Wouldn’t you give your details?
Well, in both these scenarios, you’d give your details to fulfill an urgent need. But before doing so, have you wondered whether that link is legitimate? Have you ever checked the URL before clicking and entering your details on that website?
There’s something you need to beware of here. It’s called a Search Engine Poisoning attack. This blog will quickly explain what it is, and after reading it you’ll think before clicking on any link or website.
WHAT IS SEARCH ENGINE POISONING (SEP)?
Search Engine Poisoning, or Search Poisoning, is a technique attackers use to bait users into giving up their credentials and other significant information. The attack leads random netizens to corrupted websites. The attacker creates a rogue, highly malicious website and fills it with false data just to trick the user into believing it is real.
Now, a question may arise: how does this website show up on Google’s first page?
It’s because of the effective SEO (Search Engine Optimization) strategies used by the hackers. These make the fake websites show up often in searches.
HOW DOES THIS ATTACK WORK?
These malicious websites are convincingly built and customized to look as though they fulfill the user’s needs.
- The hackers build websites with titles and links tied to the most famous happenings and craziest events in the city or the world. For example, if the FIFA World Cup is about to commence, the cyber rogues will launch websites offering free Messi and Ronaldo t-shirts, which would obviously gain significant traction.
- If a UFC event with the most anticipated matches on its fight card is about to kick off in a couple of days, free tickets would be advertised on malicious websites, which would obviously garner massive attention from UFC fans.
In both these scenarios, the real intention is to infect visitors with malware or a botnet and to capture their sensitive information through login portals on these websites. Another ploy is to offer the user a gift with a purchase in order to seize their payment card details.
HOW DO ATTACKERS MAKE THIS ATTACK WORK?
- Right Keywords: A Search Engine Poisoning attack works primarily through effective keywords for the relevant website. This strategy catapults the crafted malicious websites onto Google’s first page, where there is a great chance of users turning into victims.
- Rich Target: Many times, hackers compromise the server of a website that has a high SEO ranking (usually one in Google’s first 1-3 pages), especially one with fragile security. During searches these now-illegitimate websites show up, and users who trust them to be legitimate simply hand over their information, easily falling into the hacker’s trap.
- Luring Links: This attack uses links and sub-links that redirect users to the malicious websites through MaaS (Malware as a Service). When the user lands at the destination, malicious code is delivered and injection attacks can be executed.
- Enticing Ads: With attractive (pornographic) and jaw-dropping (amazing offers) malicious advertisements, there’s a definite probability of many people clicking without knowing the ad is fraudulent. This technique is also called Malvertising.
- Cloaking: This is a very tricky method. It’s an SEO technique where the server’s response to the user varies depending on a couple of factors, like the IP address and the User-Agent HTTP header.
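A site owner can check their own pages for the cloaking described above by comparing what is served to a browser User-Agent with what is served to a crawler User-Agent. The following is an added example, not part of the original blog; the host names and the two sample responses are constructed, and the comparison (page title plus external link hosts) is one simple heuristic, not a complete detector.

```python
import re
import urllib.request
from urllib.parse import urlparse

# Constructed sample responses for one page of a site you own (hypothetical host).
BROWSER_HTML = """<html><head><title>Acme Travel - Tickets</title></head>
<body><a href="https://acme-travel.example/book">Book now</a></body></html>"""
CRAWLER_HTML = """<html><head><title>Free World Cup T-Shirts - 50% Off</title></head>
<body><a href="https://acme-travel.example/book">Book now</a>
<a href="http://cheap-offers.example/win">free tickets</a>
<a href="http://cheap-offers.example/shirts">free t-shirts</a></body></html>"""

def fetch(url, user_agent):
    """Fetch a page of your own site with a chosen User-Agent (not used by the offline demo)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

def page_title(html):
    m = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    return m.group(1).strip() if m else ""

def external_hosts(html, own_host):
    """Hosts linked from the page that are not own_host or one of its subdomains."""
    hosts = set()
    for href in re.findall(r'href\s*=\s*["\']([^"\']+)["\']', html, re.I):
        host = (urlparse(href).hostname or "").lower()
        if host and host != own_host and not host.endswith("." + own_host):
            hosts.add(host)
    return hosts

def cloaking_report(browser_html, crawler_html, own_host):
    """Compare what a visitor is served with what a crawler is served."""
    crawler_only = external_hosts(crawler_html, own_host) - external_hosts(browser_html, own_host)
    findings = []
    if page_title(browser_html) != page_title(crawler_html):
        findings.append("title differs between visitor and crawler")
    if crawler_only:
        findings.append("links served only to the crawler")
    return {"suspicious": bool(findings), "findings": findings,
            "crawler_only_hosts": sorted(crawler_only)}

if __name__ == "__main__":
    print(cloaking_report(BROWSER_HTML, CRAWLER_HTML, "acme-travel.example"))
```

A server that cloaks by IP address rather than by User-Agent returns the same page to both fetches from your machine, so this check covers only the User-Agent case.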
HOW TO IDENTIFY IF YOU’RE HIT BY THIS ATTACK?
Rank Check: Your SEO rankings depend on various factors, with your website’s security quality playing a major role. Check your website’s ranking; if you see a sudden, huge drop, it’s an indicator that your website has been hit by an SEP attack, and probably by other attacks too.
Strange Files: When you see strange ZIP files or other irrelevant data on your website, it’s a solid indication that your website has been hit by an SEP attack.
Browser Notification: Some browsers, like Chrome, will notify you if your website is hacked or compromised. This is another clear indication of an attack.
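One way to act on the Strange Files check, as an added example that is not part of the original blog: record a baseline of the web root while it is known to be clean, then compare later snapshots against it. The directory layout, file names and contents below are constructed for the demo.

```python
import hashlib
import os
import tempfile

ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".tar", ".gz"}

def snapshot(root):
    """Map each file under root (relative path, '/' separators) to its SHA-256."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(baseline, current):
    """Report files that appeared, changed or vanished since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    archives = [p for p in added if os.path.splitext(p)[1].lower() in ARCHIVE_EXTS]
    return {"added": added, "removed": removed, "changed": changed,
            "added_archives": archives}

def demo():
    """Constructed web root: baseline it, then simulate strange files appearing."""
    with tempfile.TemporaryDirectory() as root:
        index = os.path.join(root, "index.html")
        with open(index, "w") as fh:
            fh.write("<h1>Acme Travel</h1>")
        baseline = snapshot(root)  # taken while the site is known to be clean
        os.makedirs(os.path.join(root, "uploads"))
        with open(os.path.join(root, "uploads", "offer.zip"), "wb") as fh:
            fh.write(b"PK\x03\x04 constructed placeholder bytes")
        with open(index, "a") as fh:  # an injected link changes an existing page
            fh.write("<a href='http://cheap-offers.example/'>free tickets</a>")
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```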
HOW TO PREVENT FROM SEP ATTACKS?
- Keep your browser updated. Ensure your website is updated to the latest framework version.
- Think multiple times and be cautious before clicking on a link. It may seem fine, but it may not be.
- Be careful when entering financial details and other sensitive information online. Unless you have confirmed that the site is harmless, don’t give out your details. To find out, just check on Google whether that company has suffered any recent data breach.
- Purchase security tools and software only from trustworthy vendors. Once purchased, never fail to update them when needed.
- Conduct a complete security assessment of your website to identify and eliminate such threats.
CONCLUSION:
A recent survey says that about 1/4th of the search engine results for newly trending topics redirect users to malicious sites. Further, it’s shocking that 3000+ SEO URLs are being poisoned every day. Moreover, no matter how effective the tools used, these attacks will only increase with time as long as human insanity exists. There’s no cure for this other than gaining proper awareness of these attacks. Hence, it’s important to take your cybersecurity awareness to the next level if you want to stay highly resilient against them.