Search optimization hasn't traditionally been a focus area for cybersecurity, but with SEO poisoning attacks on the rise, it's becoming one.
In recent years in particular, organic search has taken on outsized importance for the value of a company's brand and for generating new inbound business. This is likely why SEO attacks, too, are on the rise.
In SEO poisoning attacks, rather than attacking an organization's assets directly—say, by compromising and defacing their website—a malicious third party instead indirectly attacks an organization by altering the way that they appear in search. This generally involves fooling Google or other search providers about the content or audience of a website, or causing search providers to believe (unjustly) that an organization is employing forbidden tactics for search optimization, causing them to be penalized.
In some sense, SEO poisoning attacks are therefore similar to social engineering attacks, but the vulnerable target in these cases is a technology platform (Google or another search provider) rather than an employee of the organization.
In the most concrete terms, SEO poisoning attacks may involve:
Creating backlinks to a site from "toxic" web properties, such as spammy websites or porn websites sites
Creating an obvious "link farm" to a website without the site owner's awareness, to cause search providers to penalize the site for link farming
Taking advantage of wildcard redirects to "inject" destinations that don't exist but contain negative keywords into a site's search results
Using query parameters or other techniques in backlinks to generate unexpected and undesirable search results for a domain
The effects of SEO poisoning attacks can be initially harmful precisely because SEO and search profile maintenance are company functions not traditionally associated with cybersecurity, and may be subject to biases—for example, a bias toward desiring higher search traffic or a higher number of backlinks—that leave the actual details of these increases unexamined in the many pages of search results and backlinks that marketing departments ultimately monitor.
However, if left uncorrected, SEO poisoning attacks can harm a brand's perception with organic search users—who make assumptions about a brand based on the results that they see in search—or its ultimate search position and effectiveness with search platforms.
Best practices for avoiding SEO poisoning attacks include avoiding wildcard redirects, erroring on, rather than ignoring, unexpected query parameters, and regularly monitoring not just search volume and placement but also the actual contents of search, as well as a site or property's backlink profile. Though many small to medium sized organizations in particular are reluctant to make larger investments in what are ultimately SEO tasks, the new cybersecurity implications of such tasks justify the investment.
Plurilock offers a full line of industry-leading cybersecurity, technology, and services solutions for business and government.
Talk to us today.
Copyright © 2022 Plurilock Security Inc.