Account acquisition fraud, fraud management and cybercrime, social engineering
Search scams that lure users to sites infected with malware are often difficult to detect
Marianne Kolbasuk McGee (HealthInfoSec) •
June 23, 2023
SEO poisoning attacks against healthcare entities are on the rise, HHS warned. (Image: Getty)
SEO poisoning attacks, which involve intentionally manipulating search results to lead users to websites with malware, are on the rise in the healthcare industry, US federal regulators warn.
SEO poisoning is a type of malicious advertising that can lead to credential theft, malware infections, and financial loss. This type of attack has been used “recently and frequently” against the US healthcare and public health sector, warned the Health Sector Cybersecurity Coordination Center of the Department of Health and Human Services in an alert issued Thursday.
The threat actors behind SEO poisoning campaigns manipulate search engines like Google so that the first advertised links actually lead to sites controlled by attackers, “usually to infect visitors with malware or to attract more people with ad fraud,” according to HHS HC3. Healthcare entities are becoming a more frequent target of these attacks as the sector continues to become more and more digital, according to the alert.
But not only American healthcare organizations have been targeted by these attacks. Trend Micro researchers reported in January, that the criminal group behind the Gootkit malware attacks had been leveraging SEO poisoning to attack the Australian healthcare industry in the second half of 2022 (see: Gootkit Malware Found Targeting Australian Healthcare Sector).
The healthcare industry is facing an increasing number of SEO poisoning attacks as threat actors target these organizations for their highly confidential and valuable data, said Ismael Valenzuela, vice president of research and BlackBerry threat intelligence.
“A successful cyberattack can have serious consequences, including the loss or sale of sensitive patient data to malicious entities, financial loss and even direct physical harm to patients,” he told Information Security Media Group.
Security researchers at BlackBerry said in an April threat intelligence report that they had found that SEO poisoning attacks, particularly in the healthcare sector, were on the rise between December 2022 and February 2023, and they expected this trend to continue.
Because some anti-malware solutions block cracks and keygens, some users intentionally disable their security products before downloading these files or ignore detection alerts and proceed with the download anyway, according to BlackBerry. “As a result, even widely detected threats can infect systems when a victim explicitly allows malware to download and run,” BlackBerry writes.
SEO Poisoning Tactics
Some threat actors also use specific types of SEO poisoning, including spear-phishing, to target specific users, such as IT administrators and other privileged users. “The technique allows attackers to target and personalize their attacks to specific audiences, making them more difficult to identify and defend against,” HHS HC3 wrote.
Common SEO poisoning methods also include typosquatting, which targets users who may open their browser and enter a website address that has an inadvertent typo or click on a link with a misspelled URL, said HHS HC. Attackers often register domain names that are similar to legitimate ones but contain minor spelling errors.
Threat actors use a variety of tactics to boost their search engine rankings to help trap users through SEO poisoning, HHS HC3 warned.
They include keyword stuffing, which involves stuffing irrelevant keywords into a web page’s text, meta tags, or other parts of a scammer’s website to trick search engine algorithms into ranking the website taller.
Another tactic is cloaking, which consists of showing search engine trackers different material than what is presented to the user when the link is clicked; manipulate search rankings by artificially increasing a website’s click-through rate to increase its search engine ranking; and using private link networks, which involves connecting a group of unrelated websites, resulting in a network of backlinks to a main website.
SEO poisoning can be difficult to prevent and detect, according to the alert. However, organizations can take steps to help better prepare for these scams, HHS HC3 said. This includes implementing typosquatting detection procedures using digital risk control tools.
Indicator of compromise lists can be used to identify malicious URLs and can also serve as watchlists or blocklists for preemptive detection or blocking, HHS HC3 said.
HHS HC3 also recommended updating security software and establishing “rigorous” web filtering procedures, as well as training staff on “safe browsing practices, phishing awareness, and effective endpoint security measures,” HHS HC3 said .
[ad_2]
Source link
