An organized operation currently limited to Turkey: Hacklink is currently letting cybercriminals browse and buy access to thousands of hacked websites, with listings costing as little as $1 per unit, and .gov or high-authority domains fetching even more.The operation appears to be highly organized, with groups like “Neon SEO Academy” and “SEOLink” offering illicit SEO services for phishing and online casino fraud. With search engine providers still in the dark about it, the operation has taken root in Turkey, already boosting illicit businesses there.”So far, most of the activity seems to be centered around the Turkish market, primarily in online gambling and escort services,” Sebborn added. “As for the search engines, there’s no clear indication yet that they’ve been notified about these campaigns or how they’ve responded. At this point, there doesn’t seem to be a public effort or statement from them addressing this type of ranking abuse.”Chris Gray, Field CTO at Deepwatch, believes SEO poisoning operations, such as Hacklink, will bolster Phishing and SMShing campaigns all over. “Estimates say that there will be over a trillion phishing emails sent this year, and these attacks are expected to be involved in ~36% of all data breaches,” Gray added. “SEO poisoning doesn’t necessarily mean that these attacks will be more successful, but it does mean that even legitimate communications are more likely to contain malicious links.” A stealthy, hard-to-detect operation: Sebborn pointed out that the operation is highly evasive and employs a stealthy form of ‘cloaking’ where phishing content is displayed only under specific conditions”, such as visits from certain IP addresses arriving via Google search. In cases Netcraft observed, the same URLs would appear harmless when accessed directly or through a proxy, making the malicious behavior difficult to detect using standard security tools or manual inspection.”This kind of abuse is hard to catch if you’re not looking for it,” Sebborn added. “Site owners should definitely make a habit of checking their websites for strange or unauthorized links, especially if they’re running older software or aren’t regularly updating their systems.” Gray believes strengthening the usual anti-phishing efforts might still help. “Honestly, you’ve just got to take a page from the Phishing Handbook and double down on it,” he said. “They have to be cautious about URLs before clicking on them. Awareness is keythey need to be aware of current phishing campaigns and use strong authentication. Employee phishing awareness training is still very critical.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4008277/phishing-goes-prime-time-hackers-use-trusted-sites-to-hijack-search-rankings.html
