Hackers now have a new tool that you should be aware of. SEO poisoning, also known as "search poisoning", is a technique that uses black hat SEO methods to optimize web pages.

Menlo Security researchers discovered two campaigns that are linked to the SolarMarker backdoor. Another uses REvil ransomware to infect unsuspecting users.

This is how hackers attack sites. They gain access to websites that rank high on Google and then inject search terms into them.

Such a site is highly regarded and ranks well, so its visitors are more likely to believe that any content on it is genuine. Hackers exploit this trust to add poisoned content. Search results surface a PDF file containing the poisoned content, and the file must be downloaded to be viewed.

A user's fate is sealed when they click on the download link. After being redirected multiple times, users eventually land at a malware website where a malicious file is downloaded to their computer.

The hackers targeted trusted WordPress sites by exploiting a bug in the "Formidable Forms" plugin. They place their malicious PDFs in the wp-content/uploads/formidable/ folder.

Ransomware is a popular attack that demands exorbitant payments before you can access your files again. These two campaigns are smaller and demand a lower amount of money, which can range from $1,500 up to $7,500.

If you have a WordPress site, you should immediately download the latest version of the Formidable Forms plugin. The plugin developers quickly found a solution and resolved the issue. As long as plugin version 5.0.10 is installed, you should be fine.

A New TodayZoo Phishing Campaign is Looking for Passwords

Microsoft recently revealed that an unusual phishing campaign had been operating to steal passwords from unwitting victims.

This campaign is unique because it appears to have been created using code copied from other hackers. It can be called a "FrankenPhishing Campaign".

Microsoft borrowed from the story of The Island of Doctor Moreau in naming this campaign "TodayZoo". It is not a perfect piece of work, but it was large enough to draw attention.

This campaign does a great job of impersonating Microsoft's brand. It uses "Zero-point Obfuscation", which is HTML text written in a zero-size font, a technique intended to evade human detection.
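A mail filter can flag this trick by separating the text a reader sees from the text set to a zero font size. The following sketch is an added example, not code from Microsoft or from the campaign. It assumes the size is set in inline style attributes only (stylesheets and CSS classes are not resolved), and the function names and sample body are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Inline font-size declaration, and the subset whose value is zero (0, 0px, 0.0pt ...).
HAS_SIZE = re.compile(r"font-size\s*:", re.I)
ZERO_SIZE = re.compile(r"font-size\s*:\s*0+(\.0+)?\s*(px|pt|em|rem|%)?\s*(;|!|$)", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}  # elements with no end tag


class ZeroFontFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []                       # per open element: is its text zero-size?
        self.visible, self.hidden, self.raw = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        hidden = self.stack[-1] if self.stack else False   # font-size is inherited
        if HAS_SIZE.search(style):                          # an explicit size overrides it
            hidden = bool(ZERO_SIZE.search(style))
        self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.raw.append(data)
        (self.hidden if self.stack and self.stack[-1] else self.visible).append(data)


def analyze(html):
    """Return what a reader sees, what a naive text extractor sees, and the hidden runs."""
    finder = ZeroFontFinder()
    finder.feed(html)
    finder.close()
    return {"visible": "".join(finder.visible),
            "raw": "".join(finder.raw),
            "hidden": [h for h in finder.hidden if h.strip()]}


# Constructed sample body, not taken from a real message.
SAMPLE = ('<p>Your Micro<span style="font-size:0px">zq</span>soft 365 '
          'pass<span style="FONT-SIZE: 0">xk</span>word must be reset.<br>'
          '<b style="font-size:12px">Sign in</b></p>')

if __name__ == "__main__":
    result = analyze(SAMPLE)
    print("reader sees :", result["visible"])
    print("filter sees :", result["raw"])
    print("hidden runs :", result["hidden"])
```

A non-empty hidden list is a signal worth scoring, and brand keyword checks should run against the visible text rather than the raw text.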

This tool is simple but has proven to be extremely successful. The email appears to come from Microsoft. Its body says that the user's Microsoft 365 account has been compromised and that the password must be reset.

The email does not contain a link. It only links to a dummy password reset page. Once users submit their login credentials, they have simply handed them to the perpetrators of the phishing attack.

This is how most phishing scams work: they obtain login credentials on one website and forward them to another. This campaign's creators simply keep the credentials on the same site where they were obtained.

All of this points to an enthusiastic group of amateurs. They are an adventurous group that will surely learn from their campaign. They are likely to return soon.

