Industry Research : Imperva Releases Details of How Search Engine Poisoning (SEP) Works
Imperva today released its second Hacker Intelligence Initiative (HII) report that discloses the intricate workings of a ‘Search Engine Poisoning’ (SEP) campaign. The attack, witnessed by Imperva’s Application Defense Center (ADC), was extremely successful and continued to run for at least 15 months without any apparent counter-measures employed by search engines. This acutely illustrates how websites – often unbeknownst to their administrator - and Web search engines become the conduit for these types of attack and demonstrates that more needs to be done to stop malware being spread in this fashion.
2018 Top Ranking Performers Present:
SEP in a Nutshell
Search Engine Poisoning attacks manipulate, or "poison", search engines to display search results that contain references to malware-delivering websites. There are a multitude of methods to perform SEP: taking control of popular websites; using the search engines’ "sponsored" links to reference malicious sites; and injecting HTML code.
Speaking about the report, Amichai Shulman, CTO and co-founder ofImperva explains, "Our probes were able to detect and track a SEP attack campaign from start to end.The prevalence and longevity of this attack indicates not only how long it lasted undetected, but also that companies are not aware they are being used as a conduit of an attack. It also highlights that search engines should do more to improve their ability to accurately identify potentially harmful sites and warn users about them.
"The attack method we monitored returned search results containing references to sites infected with Cross Site Scripting (XSS). The infected Web pages then redirect unsuspecting users to malicious sites where their computers become infected with malware. This technique is particularly effective as the criminal doesn’t take over, or break into, any of the servers involved to carry out the attack. Instead he finds vulnerable sites, injects his code, and leaves it up to the search engine to spread his malware."
SEP is an extremely popular method used by hackers to widely spread their malware. Attackers exploit XSS to take advantage of the role of third-party websites as mediators between search engines and the attacker’s malicious site.
Amichai advises Web administrators that, "Abuse of a website can lead to brand damage, customer base loss and drive away potential visitors. Moreover it has a clear negative impact on the site’s accessibility through search engines including decreased ranking, marking references as harmful and even altogether removal from the search index. Ultimately, this leads to devastating economic implications. By protecting the Web application against XSS attacks in the first place will prevent these sites from being abused as the attacker’s conduit for a SEP campaign."
CONTACT CENTER & CUSTOMER ENGAGEMENT
BERLIN - ORLANDO - MACAO
FIND OUT MORE!
Amichaialso advises Search Engine providers, "Current solutions which warn the user of malicious sites lack accuracy and precision whereas many malicious sites continue to be returned un-flagged. However, these solutions can be enhanced by studying the footprints of a SEP via XSS. This allows a more accurate, and timely notification, as well as prudent indexing."
Imperva’s Hacker Intelligence Initiative reports, issued monthly, are created to give a better understanding of the latest threats coming from hackers - by investigating hacker forums and monitoring attack traffic, to help organizations better protect themselves.
2018 Top Ranking Performers Present:
Today's Tip of the Day - Forecasting
More Editorial From Imperva
Published: Monday, June 6, 2011
Genesys® powers 25 billion of the world’s best customer experiences each year. Our success comes from connecting employee and customer conversations on any channel, every day. Over 10,000 companies in...
eGain customer engagement solutions power digital transformation for leading brands. Our top-rated cloud applications for social, mobile, web, and contact centers help clients deliver connected custom...
Noble Systems Corporation is a global provider of contact center, workforce engagement, and analytics technologies, offering premise, cloud, and hybrid platforms. Noble Systems has been providing inno...
Five9 is a provider of cloud software for the enterprise contact center market, bringing the power of the cloud to thousands of customers and facilitating approximately three billion customer interact...