The Healthcare and Public Health (HPH) sector issued a warning on 22 June regarding SEO Poisoning. Search engine optimization (SEO) poisoning, considered a type of malvertising (malicious advertising), is a technique used by threat actors to increase the prominence of their malicious websites, making them look more authentic to consumers. SEO poisoning tricks the human mind, which naturally assumes the top hits are the most credible and is very effective when people fail to look closely at their search results. This can lead to credential theft, malware infections, and financial losses. As more organizations utilize search engines and healthcare continues to digitally transform, SEO poisoning is becoming a larger security threat. HC3 has observed this attack method being used recently and frequently against the US.
Link to full DHHS report: HC3_SEO_Poisoning.pdf
SEO poisoning attacks consist of altering search engine results so that the first advertised links lead to attacker-controlled sites, generally to infect visitors with malware or to attract more people using AD fraud. A user who does not read the URL (web address) closely or is unsure of the exact URL of the software might click on any of those attacker-controlled domains, which could result in a compromise. Threat actors may even use targeted types of SEO poisoning, like spear-phishing, to go after specific users, like IT administrators. The technique enables attackers to target and customize their attacks to specific audiences, making them more challenging to identify and defend against.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
Comments