Cybercriminals are using search engine optimization (SEO) tricks to boost malicious domains in Google search rankings, a security researcher has discovered.
According to a report from AT&T’s security team, in addition to distributing malware via email campaigns, the operators behind the infamous Sodinokibi ransomware are targeting keyphrases that are commonly typed into Google.
“There’s a saying that nothing is certain, except death and taxes. In today’s cyberthreat landscape, ransomware can be on the shortlist,” writes AT&T researcher Ken Ng. “In this case, [our] customer almost had an affair at the tax crossroads when ransomware.”
SEO for cybercriminals
Although the attack was automatically mitigated by the security protections in place, AT&T said the incident warranted further investigation because it was not immediately clear how the individual became infected.
Researchers eventually tracked down the domain in question and found that it stood out: it used HTTP instead of HTTPS (a more secure protocol), and the URL itself had nothing to do with the SEO-created page headline.
The page itself was “highly questionable and sparse” and contained links to download answers to the original search query, “Does Missouri have a reciprocal agreement with Kansas?”
This level of targeting specificity is alarming (after all, relatively few people are likely to run this particular query) and raises the question: are Sodinokibi and other cybercriminals targeting other key terms?
To prevent this type of attack, users are advised to ensure their devices are protected by antivirus software, avoid websites that aren’t secured with HTTPS, and not download content from unfamiliar sources.
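The traits the researchers noted about the landing page (plain HTTP, a URL unrelated to the headline, a download link answering the search query) can be checked against web-proxy records. The following is an added example, not code from AT&T's report; the record fields, the "title mirrors query" check, the 0.8 overlap threshold, the three-flag cut-off and both sample records are constructed assumptions.

```python
import re
from urllib.parse import urlparse, parse_qs

STOPWORDS = {"the", "with", "does", "have", "and", "for",
             "www", "com", "net", "org", "html", "php"}

def tokens(text):
    """Lowercase alphanumeric words of 3+ characters, minus stopwords."""
    return {w for w in re.findall(r"[a-z0-9]{3,}", text.lower())
            if w not in STOPWORDS}

def search_query(referrer):
    """Return the q= parameter when the referrer is a Google search URL."""
    ref = urlparse(referrer)
    host = ref.hostname or ""
    if host == "google.com" or host.endswith(".google.com"):
        return parse_qs(ref.query).get("q", [""])[0]
    return ""

def triage(record):
    """Return which of the landing-page traits a proxy record matches."""
    url = urlparse(record["url"])
    title = tokens(record["title"])
    query = tokens(search_query(record["referrer"]))
    url_words = tokens((url.hostname or "") + " " + url.path)
    flags = []
    if url.scheme == "http":
        flags.append("plain-http")
    if title and not (title & url_words):
        flags.append("title-unrelated-to-url")
    if query and len(title & query) / len(query) >= 0.8:  # assumed threshold
        flags.append("title-mirrors-query")
    if record["download_links"] > 0:
        flags.append("offers-download")
    return flags

def suspicious(record):
    """Assumed cut-off: three or more traits together warrant review."""
    return len(triage(record)) >= 3

# Constructed sample records (reserved .example domains, not real sites).
REFERRER = ("https://www.google.com/search"
            "?q=does+missouri+have+a+reciprocal+agreement+with+kansas")
SAMPLES = [
    {"url": "http://blog.hobby-site.example/wp-content/q.php?id=123",
     "title": "Does Missouri have a reciprocal agreement with Kansas?",
     "referrer": REFERRER, "download_links": 1},
    {"url": "https://revenue.example/missouri-kansas-reciprocal-agreement",
     "title": "Missouri and Kansas reciprocal agreement | Revenue FAQ",
     "referrer": REFERRER, "download_links": 0},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["url"], triage(rec), suspicious(rec))
```

A headline that echoes the query is normal for legitimate pages too, which is why the second record raises one flag and is not marked for review.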