Cybersecurity solution providers saw a significant increase in the number of phishing sites posing as official brand portals earlier in the year. They usually outweigh official sources in search results, as scammers use search engine optimization tools to boost the website’s rankings. Such attacks can lead to hacking of the organization’s official website, in addition to financial loss.
How informed Kommersant cites a study by Positive Technologies presented at SPIEF-2023 that said the number of cybersecurity incidents increased by 10% year-on-year in the first quarter of 2023 and by 7% quarter-on-quarter. “The most common consequences of successful cyberattacks on organizations were the loss of confidential information – 51% of incidents, and in the second incomplete quarter their number already exceeded the first quarter by 4%,” Alexei Novikov, director of the security expert center Positive Technologies, said.
Malicious advertising in search engines, i.e. the targeted delivery of phishing pages under the guise of official brands, also recorded a significant increase (16% compared to the previous year). In order to favor the issuance of a fraudulent resource over a legitimate one, the attackers used the method of search engine optimization (SEO), Positive Technologies explained.
“Attackers inject keywords into malicious websites and use popular topics, search engines read this and return malicious website before original page”, The researchers said, adding that this trend will be relevant throughout 2023 across all major search services.
SEO spam — the use of unethical methods to boost a website’s ranking in search results — is now a constant use by scammers, confirmed Ksenia Rysaeva, Head of Monitoring and Analysis at Innostage, noting that phishing websites can also contain malware to infect visitors’ computers. “The tool for spreading malicious resources through search engine optimization exploits the psychology of users who intuitively select the first few lines in search results.” – added Alexey Kuznetsov, Technical Manager of the Safety Analysis Department of the Future Crew Innovation Center at MTS Red.
According to Pavel Korostelev, head of the security code company’s product promotion department, websites of small online businesses that are used as a business card rather than a way of making money are likely to be hit by such attacks.
Natalya Nazarova, Director of the Institute for Entrepreneurship and Economy Development, identified three main negative consequences of this type of fraud: first, the loss of part of the income, second, significant losses in reputation, and third, the risk of hacking the corporate IT system if the customer transmits personal data, with all the resulting consequences.