Cybersecurity researchers uncover a new trick that lets hackers plant malicious PDFs on search engines using SEO

• According to Netskope SEO phishing rose to 450% last year.
• Hackers are using Google and Bing to rank malicious PDF files.
• Here’s how you can spot malicious PDF files — read below.

We have heard about data breaches and cybersecurity challenges but the latest numbers from security service edge provider, Netskope, suggest phishing downloads rose 450% over the past year. Attackers are using search engine optimization (SEO) to rank malicious PDF files on search engines.

According to reports, SEO phishing attempts are constantly increasing and hackers are targeting the employees through popular search engines such as Google and Bing. The attack is leading to loss of customer trust, loss of data and affecting the brand reputation.

$4 published by Proofpoint shows that in 2021, 83% of organizations were affected by email-based phishing attacks where they were tricked to click on unwanted links, downloading malware, completing wire transfers and providing login credentials.

With all-new SEO phishing techniques, successful attacks have increased and show the potential to rise further, as a new medium of attack allows hackers to manipulate employees into handing over sensitive information.

Director of Netskope Threat Labs, Ray Canzanese said, “people know they should be wary of clicking on links in email, text messages, and in social media from people they don’t know. But search engines? This presents a much harder challenge.” Talking about solutions he also added, “how does the average user differentiate between a “benign” search engine result and a “malicious” search engine result? From an enterprise perspective, this underscores the importance of having a web filtering solution in place.”

Spot malicious PDF files — here’s how
According to Ray Canzanese, the most effective way is to use a solution that decrypts and scans web traffic for malicious content. At enterprise level, security teams should encourage users to inspect all links they click on and be careful if links take them to an unfamiliar website.

If an employee clicks on a malicious PDF, they can see a fake captcha at the top of the first page which is followed by text on other pages. The user should immediately close the file and delete it. In addition, Cazanes also added that users must report malicious URLs that feature on search engines like Google and Bing. It will help the provider to unlist them from the site and prevent other users from falling into a scam.

SEE ALSO:
$4
Controversial facial recognition company Clearview AI banned from selling face database to private US businesses>$4