Sophos reveals defense for search engine hack attacks

Security firm Sophos has published...

Security firm Sophos has published research on the automated tools used by search engine optimisation (SEO) hackers and how companies can protect themselves.

Using SEO techniques to subvert legitimate websites has become a huge money-spinner for cybercriminals, researchers found.

Every day dozens of malicious campaigns take advantage of the hottest news stories on the internet to spread malware, according to Sophos.

After the recent death of a Sea World animal trainer by a killer whale, hackers automatically used blackhat SEO techniques to stuff booby-trapped web pages with related content, said Fraser Howard, principal virus researcher at Sophos.

"This kind of profiteering is not just distasteful; it's also potentially dangerous to millions of innocent internet users," he said.

A paper by Howard and fellow researcher Onur Komili details how it has become routine for attackers to compromise web content to distribute malware.

Yet IT and network managers can take a number of basic steps to protect their organisations, claimed the researchers.

As with many other web-based attacks, URL filtering and content inspections often provide the most effective protection against SEO attacks, they said.

"Monitoring any currently active SEO attacks enables the collection of the redirection URLs involved, which can then be blacklisted," said Howard.

By adding detection for the payload, as well as diligent monitoring and filtering in-bound content, network managers can thwart an attack before it reaches the user, he said.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.