Hackers place faulty PDFs high in Google search results.
Researchers from security services provider Netskope have released Netskope Cloud and Threat Report: Global Cloud and Malware Trends. The document reveals that phishing downloads have increased by 450% in the past 12 months. Importantly, he points out that attackers use search engine optimization (SEO) to rank faulty PDF files on search engines.
Phishing attempts are constantly evolving. Attackers don’t just target employees through their email inbox. Clearly, they also use popular search engines like Google and Bing.
“Phishing downloads differ from traditional phishing websites. These are usually PDFs that take the form of fake CAPTCHAs, fake file sharing requests or fake invoices, and are part of a larger phishing campaign”indicates the report.
Phishing is on the rise
In 2021, 83% of organizations experienced an email phishing attack. This is how they were tricked into clicking on the wrong link, downloading malware, providing credentials, or making a bank transfer. Simply put, phishing is a cybercrime technique that uses fraud, trickery, or deception. And this, in order to induce the victim to disclose sensitive personal information.
“People know to be wary of links they click in emails, text messages and social media from people they don’t know. But search engines? It’s a much more difficult challenge to meet.” said Ray Canzanese, director of Netskope’s Threat Labs.
The rise in phishing attacks is linked to the fact that hackers are now turning to search engine optimization techniques. Attackers therefore have a new medium where they can manipulate employees into handing over sensitive information outside the protection of other security controls. Indeed, for an average user, it is difficult to tell the difference between a benign search engine result and a faulty search engine result.
According to Netskope, this highlights the importance of having a web filtering solution in place. In addition, security teams are called upon to encourage users to inspect all links they click on. Likewise, it is important that every user or employee reports any issues to the security team. Finally, Canzanese also stresses the importance of users reporting malicious URLs appearing on popular search engines. And this, in order to help the supplier to remove them from the list of the site. But also, to prevent other users from being hacked.
Spot malicious PDF files
Netskope explains that, in the context of an explosion in download phishing, “hackers have been more successful in placing [des fichiers PDF] very high in popular search engines by mobilizing common SEO techniques”. These PDF files can take the form of fake CAPTHA screens or fake standard invoices. If the user clicks on it, a process is triggered and causes the installation of one or more malicious software.
If an employee clicks on a malicious PDF, they can expect to see a fake captcha at the top of the first page and then text on other pages. In these scenarios, users must first close the file. Then, remove it from the device and report it to the security team as soon as possible.
Finally in numbers, again according to Netskope, executable files (EXE/DLL), Microsoft Office files, PDF files and ZIP files accounted for 81% of all faulty software downloads over the last twelve months.
Follow Geeko on Facebook, Youtube and Instagram to not evaluate any news, tests and tips.