16% increase in the number of phishing sites that dominate search results over official sites
[ad_1]
Cybersecurity solution providers report a 16% increase in the number of phishing sites that dominate search results over official portals. This is due to the use of search engine optimization tools by attackers, the attacks are mainly aimed at the websites of small companies. Experts warn that in addition to financial losses, the actions of hackers can lead to hacking of the official organization if the user mistakenly transfers their account information to them.
Kommersant got acquainted with the study by Positive Technologies, presented at SPIEF-2023 and dedicated to the current threats to cybersecurity in Russia in the first and incomplete second quarters. Overall, in the first quarter of 2023, the number of incidents increased by 7% compared to the previous quarter and was 10% more than at the beginning of 2022, the report says. “The most frequent consequences of successful cyber attacks on organizations were confidential information leaks — 51% of incidents, and in the second incomplete quarter their number already exceeded the first quarter by 4%,” says Alexei Novikov, director of the Positive Technologies security expert center.
In addition to the growth in the number of attacks, the researchers also noted the growth of malicious advertising in search engines, that is, the targeted delivery of phishing sites masquerading as official brands, their growth was 16% year-on-year.
The essence of the method of attackers is to use search engine optimization (Search Engine Optimization, SEO) to outrun the issuance of an illegal resource over a legitimate one, this attack method is also used to attract a large number of users to phishing sites, Positive Technologies explains. “Attackers inject keywords into malicious sites and use popular topics, search engines read this and return the malicious site before the original page,” they say. Positive Technologies believes that the trend will not lose relevance throughout 2023 and will be valid on all popular search services. In “Yandex” “Kommersant” did not answer.
SEO spam – the use of unethical methods to increase the ranking of a site in search results – is now used by scammers all the time, Ksenia Rysaeva, head of monitoring and analytics at Innostage, agrees. She adds that such sites may contain malware to infect visitors’ computers. “The tool for spreading malicious resources through search engine optimization exploits the psychology of users who intuitively select the first lines in the search results,” says Alexey Kuznetsov, technical head of security analysis at the Future Crew innovation center at MTS Red.
Among the industries that suffer from such attacks are small online businesses, such as hotels and, in general, those companies in which the website acts as a business card, and not an income tool, says Pavel Korostelev, head of the security code company’s product promotion department. . “When it comes to web portals that are developed for making money, their owners are well versed in search engine optimization and are constantly engaged in it, it is difficult for attackers to interrupt them,” he says. However, Mr. Kuznetsov believes that companies that sell goods and services online – online retailers, ticketing services, online banks – are also at risk.
There are three key negative consequences of this type of fraud: firstly, legal business loses part of its income, and secondly, due to negative user experience, a business can incur significant reputational costs, says Natalya Nazarova, director of the ANO Institute for the Development of Entrepreneurship and Economics. Thirdly, the expert adds, if a client transferred data from a personal account in a particular service, there is a risk of hacking the IT system of the business, as a result of which personal data can be leaked and work blocked.
[ad_2]
Source link