Cunning cybercriminals increasing malware installations due to superior search engine optimization skills

Malicious PDF files filled with popular search terms were rampantly distributed on Google and Bing, leading to a whopping 450% surge in phishing downloads on an annual basis.

In a report released today, cybersecurity company Netskope has revealed a significant increase in phishing scams and malware downloads over the past year. The findings, based on data from a few million customers using its secure web gateway, show a 450% increase in phishing downloads.

Google and Bing are the most-used search engines worldwide, accounting for 92% and 3% of search engine traffic respectively. Their prominence in the report therefore does not necessarily indicate a campaign exclusively targeting the most popular search engines. Instead, it largely reflects the search engines Netskope's customers prefer.

The report highlights the use of search engine optimization (SEO) techniques by cybercriminals as the primary driver of the increase in phishing downloads. Malicious PDF files, often sharing a similar appearance, are encountered by individuals searching common keywords and are found to redirect to phishing, spam, scam, and malware sites. Many of these PDFs are stored on free website hosting services and replicated in multiple places in different languages.

Ray Canzanese, threat research director at Netskope, stated that the technique used is not new but seems to have been refined by someone persistently trying to weaponize these methods. He added, "We rarely see the same PDF from the same URL more than once."

Netskope continually reports these discoveries to search engines and hosting sites to get the pages delisted and removed from search results. However, no specific individual or group has been named as responsible for the recent phishing campaigns using SEO techniques to spread malware-infected PDF files.

The increase in phishing downloads poses a risk to enterprises because these downloads can expose sensitive data and put business activities at risk. Unsuspecting employees can be lured into sharing privileged information, which cybercriminals can use to gain unauthorized access to critical infrastructure.

Although the tactic is not groundbreaking, the volume and persistence of the malicious files are a problem. Netskope didn't uncover a common theme, but rather a wide-ranging effort that's indicative of a group or individual brokering for many clients. As cybercriminals increasingly use SEO poisoning and AI-generated content to distribute malware and steal data, it is crucial for businesses to stay vigilant and implement robust cybersecurity measures.
