SEO Poisoning Attacks Increase Across Healthcare
Threat actors have been leveraging search engine optimization (SEO) poisoning tactics to trick users into clicking on malicious links, HC3 warned.
The Health Sector Cybersecurity Coordination Center’s (HC3) latest analyst note details the threat of search engine optimization (SEO) poisoning, which is increasingly being used against the healthcare sector.
SEO poisoning is a form of malicious advertising that tricks users into clicking on the top hits on a search engine without carefully inspecting the URL. Essentially, threat actors alter search engine results to ensure that the first advertised links lead to attacker-controlled sites.
“This can lead to credential theft, malware infections, and financial losses,” HC3 warned. “As more organizations utilize search engines and healthcare continues to digitally transform, SEO poisoning is becoming a larger security threat.”
As previously reported, BlackBerry’s Global Threat Intelligence Report predicted a significant uptick in SEO poisoning in the coming months.
HC3 provided insight into the techniques that threat actors use to accomplish SEO poisoning.
“One common method is typosquatting, which targets users who might open their browser and input a website address that has an inadvertent typo or click on a link with a misspelled URL. To exploit these minor user errors, attackers register domain names similar to legitimate ones,” the analyst note stated.
“An example of this would be a user searching a keyword in their web browser. The user may hit the first result without looking too closely at the URL—which can contain misspellings like ‘Goggle’ instead of ‘Google’ or characters that look similar like ‘1’ instead of ‘l’—and be redirected to a fake website where they are prompted to download malware-infected files.”
These fake sites often appear at the top of search results, making it more likely that users will click on them. To ensure that they appear at the top of the page, threat actors leverage keyword stuffing, cloaking, and manipulation of search rankings.
HC3 acknowledged that detecting and preventing SEO poisoning can be challenging. However, there are some proactive steps that organizations can take, such as implementing typosquatting detection procedures using Digital Risk Monitoring tools.
“Organizations should carefully check every new domain that is registered on the Internet that contains similarities with any of their brands or names,” HC3 added. “As attackers often register domain names that are very similar to the legitimate ones, it is possible to detect them quickly in most cases, immediately analyze the situation, and take action to mitigate the risk.”
In addition, organizations may consider using indicators of compromise (IOC) lists to gain knowledge on suspicious website behavior. Upgrading security software and educating employees can also go a long way in mitigating risk and preventing workforce members from falling for threat actors’ tricks.