seo-campaignCybercriminals have been using massively malicious SEO campaigns to promote low-quality Q&A websites by redirecting users to fake discussion boards. Nearly 15,000 websites have been compromised as a result.

Researchers at Sucuri discovered the hacking attacks in September 2022. The compromised sites contained approximately 20,000 files, which were used in the search engine campaign.

According to researchers, the goal of threat actors may be to create enough pages that are indexed in order to increase their authority in search engines. They will be able to rank higher in search engines.

The malware attacks WordPress sites in the main. To inject fake Q&A discussion form redirects, the hackers altered WordPress PHP files.

Malicious code is embedded in the infected files that checks whether website visitors are logged in to WordPress. Visitors who are not logged in to WordPress will be redirected to a Google Search URL which redirects them to the spam FAQ site.

Google search click URLs are likely to improve performance metrics for URLs in the Google Index. This makes the websites more popular and allows web traffic to be viewed as legitimate.

Logged in users are not allowed to access the site administrator.

Although Sucuri could not identify the exact method by which the attackers accessed the website used for redirects (or the WordPress administrator password), it is probable that they exploited vulnerability plugins or forced the password of the WordPress administrator to gain access.

Sucuri suggests that admin panels be secured with two-factor authentication. Users should also ensure that any software on their website has been updated and patched.

A vulnerability audit of your website by  Integrated Technology Systems can go a long way to ensuring you are secure from hackers.

Shoppers in the USA are being targeted by a Phishing Tool

phishingAkamai security experts discovered an elaborate phishing campaign. This campaign targets Americans with lures that revolve around holidays such as Thanksgiving and Christmas.

The most interesting aspect of the campaign is the token-based system that ensures every victim is directed to a different URL for a Phishing page.

Summary of the Campaign

The scheme targeted internet users searching for Christmas deals between September 2022 and October 2022.

Potential victims are targeted by phishing emails claiming they can win gifts from a well-respected company.

Although the links in the email do not look suspicious, they link to the phishing website via a series redirects. URL shorteners mask the majority URLs. The attackers also use reputable cloud providers such as AWS, Azure, and Google to bypass security measures.

Everyone who visits the phishing website must complete a short survey before they are awarded the prize. The poll is completed in five minutes.

The surveys are imitating well-known companies like Costco, Sam's Club and Delta Airlines to make it harder for people to spot the scam. To boost the effectiveness of the campaign, the phishing actors include false testimonials from users showcasing the rewards they have won.

After "winning" an item, the victims are asked to give their payment information in order to pay shipping costs. The threat actors take the credit card information and deliver no reward.

Akamai estimates that 89% of people who visit phishing sites are from the United States or Canada.

Different URLs

Every phishing email contains a link to a landing page with an anchor (#), that directs the visitor to a section of the linked to website.

The anchor tag in this phishing attempt contains a token JavaScript that is used on the phishing landing pages to rebuild the target's URL. These tokens can be used to screen out non-victims and victim-specific tracking, campaign evaluation, and many other purposes.

Akamai states that the HTML anchor values will not be treated as HTTP parameters and will not be sent to the server. The victim's JavaScript code, however, will still be capable of accessing this value.

Security tools may not be able to detect malicious code or ignore the value that was added after the HTML anchor. This number will also be overlooked by traffic inspection tools.

It contains nearly all detection-avoiding and successful strategies. This makes it a serious threat to North Americans.

Integrated Technology Systems are the security experts you can rely on. We service companies across the country with managed IT services and cybersecurity management.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017