SEO Poisoning Attacks: Beware of Advertising Campaign Malware

Safeguarding your business means staying on top of the latest threats to data and network security. The recent rise in advertising campaign malware through popular search engines like Google and Bing is cause to sit up and take notice. SEO poisoning attacks, as they are being called, hijack brand names in paid search ads, making it difficult to know which links can be trusted. Search engine cyber attacks can be a serious threat if your employees are using the internet at work, whether for business-related searches or for personal use. A bring your own (BYO) policy for mobile devices, including laptops, smartphones, and tablets, can still be a threat if staff are logging in on your network.

How Do SEO Poisoning Attacks Work?

These search engine cyber attacks alter the engine's results so that the first ad-based links that appear actually take the individual to attacker-controlled domains. The goal of SEO poisoning attacks is to infect the user with malware or to take advantage of the increased traffic to commit ad fraud. There are different ways that cybercriminals can profit from these types of attacks, and those goals aren’t always obvious. Some types of advertising campaign malware are used to compromise security within a business network to steal data or otherwise access the network for nefarious reasons. It can be challenging to spot the altered results, even for security experts. The best defense is a good offense. Education, training, and ongoing support for you and your staff are a smart approach to protecting your business from attacks.

Once the individual arrives at the attacker-controlled domain, they still might not notice that they are in the wrong place. The malicious websites are often near-exact copies of the original website, so a lot of work is put into the attack to ensure it snares a lot of unsuspecting users. However, there are a few telltale signs that will let you know that you have entered an attacker-controlled domain. The links themselves will often lead to a Dropbox URL, Discord URL, or another download storage site that delivers a zip file containing malware and viruses. It is this payload that causes the most damage, so as long as you and your staff know what to look out for, you might avoid it completely. Industry experts checking into these SEO poisoning attacks have stated that their anti-virus and anti-malware programs alerted them to an invalid certificate, which raised suspicions.
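The telltale sign described above can be checked for in web proxy logs. The following is an added example, not part of the original article: it flags zip downloads from a file-sharing host when the referring page was itself reached through a paid ad click. The log layout, the host list, the five-minute window, and the use of the `gclid` and `msclkid` click-ID parameters as ad-click markers are assumptions, and the sample log lines are constructed.

```python
import csv
import io
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumption: a starting list of file-sharing hosts; extend it for your environment.
FILE_HOSTS = ("dropbox.com", "dropboxusercontent.com", "discordapp.com", "discord.com")
AD_CLICK_PARAMS = {"gclid", "msclkid"}  # click IDs appended to paid-ad landing URLs
WINDOW = timedelta(minutes=5)           # assumed max gap between ad click and download

# Constructed sample proxy log (not real traffic): time,user,referrer,url
SAMPLE_LOG = """\
2023-02-01T09:00:05,alice,https://www.google.com/,https://example-tool-download.test/?gclid=abc123
2023-02-01T09:00:40,alice,https://example-tool-download.test/,https://www.dropbox.com/s/xyz/setup.zip?dl=1
2023-02-01T09:10:00,bob,https://www.bing.com/,https://vendor.example/?msclkid=def456
2023-02-01T09:10:30,bob,https://vendor.example/,https://vendor.example/files/installer.zip
2023-02-01T11:00:00,carol,,https://www.dropbox.com/s/abc/report.zip?dl=1
"""

def on_host(host, suffixes):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == s or host.endswith("." + s) for s in suffixes)

def find_suspicious_downloads(log_text, window=WINDOW):
    """Return (user, landing_host, download_url) for zip downloads from a
    file-sharing host that were referred by a page reached via a paid ad click."""
    ad_landings = {}  # (user, landing_host) -> time of the ad click
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        ts, user, referrer, url = row
        when = datetime.fromisoformat(ts)
        target = urlsplit(url)
        host = target.hostname or ""
        ref_host = urlsplit(referrer).hostname or ""
        if parse_qs(target.query).keys() & AD_CLICK_PARAMS:
            ad_landings[(user, host)] = when  # user landed here from a paid ad
            continue
        clicked = ad_landings.get((user, ref_host))
        if (clicked and when - clicked <= window
                and on_host(host, FILE_HOSTS) and host != ref_host
                and target.path.lower().endswith(".zip")):
            hits.append((user, ref_host, url))
    return hits

if __name__ == "__main__":
    for user, landing, url in find_suspicious_downloads(SAMPLE_LOG):
        print(f"{user}: ad landing {landing} handed off to {url}")
```

A hit is a lead for review rather than a verdict: the landing host should be compared against the vendor's real domain before the download is treated as malicious.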

What Can You Do to Prevent Search Engine Cyber Attacks?

Short of preventing your staff from going on the internet or shutting down access to search engines, what can be done to prevent SEO poisoning attacks and malicious downloads through attacker-controlled domains? Synivate offers a wide range of services designed to help small and medium-sized businesses protect their essential data and company networks. In addition to providing education, training, and support to you and your staff, we have a variety of programs that can be used to augment your current network security program and eliminate many common risks that impact business owners. Our 24/7 monitoring and management can be used to supplement your existing IT department and anti-virus security program, or it can replace it altogether. Our business continuity services can give you the tools you need to recover quickly from an attack and get back to work.

Advertising campaign malware can also have a negative impact on companies that are trying to grow their brand through ad programs on search engines. The traffic that is lost through diversion to attacker-controlled domains can be very costly, especially if you are in the middle of launching a new product or have invested heavily in an advertising campaign. Consumer confidence might even play a role, as a potential customer who clicks on a link believing it to be from your organization, but ends up getting a virus or some type of malware on their system, might think twice before visiting your actual website in the future. It is essential to check for any new domains that might be similar to yours on a regular basis and be prepared to contact a hosting company or registrar to have the fraudulent website removed. To learn more about network security, 24/7 monitoring and management services, or business continuity programs, contact Synivate directly by calling 617-848-1248 and speak with one of our friendly and knowledgeable technicians.

Synivate Author