Imperva Hacker Intelligence Initiative Report Reveals Illegal Attacks on Websites to Run Search Engine Optimization Campaigns

June 2016 by Imperva

Imperva, Inc., released its new Hacker Intelligence Initiative (HII) Report entitled: “Black Hat SEO: A Detailed Analysis of Illegal SEO Tactics.” The report details how researchers at the Imperva Defense Center (IDC) discovered a long-running and still active illegal attack that has been
exploiting vulnerabilities in thousands of legitimate websites to
increase the SEO results for illicit websites.

One of the largest influencers of SEO page rank is how many other sites
contain links back to the page, and how highly the referring sites
themselves are ranked. There is significant monetary and brand value in
having as many respectable and popular sites link to the promoted page
as possible. In the campaign studied in the HII Report, the attackers
compromise websites or take over computers in order to create
unauthorized links that point back to their clients’ websites. IDC
researchers found the attackers compromise the content management
systems of vulnerable websites to create fake blogs with links pointing
back to online pharmacies in order to increase the SEO rankings of the
online pharmacies. The illegal SEO attack campaign identified by Imperva
is persistent, lasts over many months and promotes dozens of websites –
presumably those of the paying customers of the attacker – most of which
are online pharmaceutical retailers or illicit websites.

The attackers use botnets to amplify the number of websites they
compromise. Botnets are networks of remote-controlled computers and
devices, or “bots,” that are infected with malware. Attackers can create
their own botnets or even hire or rent botnets as a service.
Cybercriminals remotely control the botnets for their own purposes,
unbeknownst to the devices’ owners. The botnets launch SQL injection
(SQLi), HTML link injection and comment spam attacks that
exploit vulnerabilities in reputable websites and content management
systems. The attackers use these vulnerabilities to create links from
the compromised sites back to the promoted, illicit pages. This boosts
the search engine rankings of the illicit pages. Over 700 hosts (IP
addresses) were used by the botnet during the period studied in the HII
Report to launch these SQLi and HTML link injection attacks.

“Automatic attack tools, known as malicious bots, are deployed every
second to achieve widespread attacks on websites, and more sophisticated
attackers use a distributed network of bots to launch attacks,” said
Amichai Shulman, Co-founder and CTO of Imperva. “While it is common to
see many variations on the same attack vector comprise these campaigns -
such as comment spam used to improve rankings of promoted sites - it is
unusual to identify a multi-faceted, long-term campaign run with
coordination from the same botnet in the wild.”

“This kind of attack has the potential to impact a legitimate website’s
customer experience and brand value, and it could even break the
functionality on some website applications,” Shulman explained. “These
SQLi attacks are typically referred to as “gateway” attacks and can test
the water for more serious attacks to come. Websites can be thought of
as the highway to business-critical data, so owners of those that have
been targeted should be particularly worried as often SQLi attacks are
used to steal data. This definitely serves as a reminder of how
relentless cybercriminals are, and the need to bolster website security.”

The full report can be downloaded here.

