Today, researchers at security service edge provider Netskope released the Netskope Cloud and Threat Report: Global Cloud and Malware Trends, which found that phishing downloads have increased by 450% over the past 12 months and highlighted that attackers are using search engine optimization (SEO) to rank malicious PDF files in search engines.
The report’s findings show that phishing attempts are constantly evolving, and attackers aren’t just targeting employees through their email inboxes; they also use popular search engines like Google and Bing.
For businesses, the rise in phishing attacks and the growing popularity of SEO techniques among cybercriminals underscore the need to provide employees with security awareness training so they are prepared to spot these threats online and avoid the risk of leaking sensitive information.
Phishing: a nuisance that won’t go away
The report comes as security teams have consistently failed to address the challenge of phishing attempts with traditional security tools like secure email gateways.
Research shows that in 2021, 83% of businesses experienced an email-based phishing attack where they were tricked into clicking a broken link, downloading malware, providing credentials, or making a money transfer.
Now that hackers are turning to SEO techniques, the number of successful phishing attacks has increased and may continue to increase as attackers have a new medium through which they can manipulate employees into sharing sensitive information outside of the protection of other security controls.
“People know to be careful when clicking on links in emails, text messages and social media from people they don’t know. But search engines? This presents a much more difficult challenge,” said Ray Canzanese, director of Netskope Threat Labs.
“How does the average user differentiate between a ‘good’ search engine result and a ‘bad’ search engine result? From a business perspective, this underscores the importance of a web filtering solution,” said Canzanese.
How to Detect Malicious PDF Files
When it comes to mitigating these SEO-driven attacks, Canzanese highlights a number of methods security teams can use to protect employees. One of the most effective is to use a solution that can decrypt web traffic and scan for malicious content.
At the same time, security teams should encourage users to check any links they click and exercise caution if the link takes them to an unfamiliar site.
In the event that an employee clicks on a malicious PDF, they can expect to see a fake captcha at the top of the first page, followed by text on other pages. In these scenarios, users should close the file, delete it from the device, and report it to the security team as soon as possible.
Canzanese also points out that it is important for users to report malicious URLs appearing in popular search engines to help the provider remove them from the site and prevent other users from becoming victims of scams.