Healthcare Organizations Warned of Risk of Cyberattacks via SEO Poisoning
In a recently published analyst note, the Health Sector Cybersecurity Coordination Center (HC3) draws attention to the practice of SEO poisoning – a tactic often used by malicious actors to trick individuals into disclosing sensitive information or downloading malware.
Phishing is one of the most common ways that malicious cyber actors target individuals to gain initial access to healthcare networks; however, it is not the only way to reach healthcare employees over the Internet. SEO poisoning is a technique for driving traffic to attacker-controlled websites: instead of distributing links to malicious websites via phishing emails or SMS/instant messaging services, search engine optimization (SEO) techniques are used to get the malicious websites to rank highly in the search results for key search terms, ideally within the first few results. The top results attract the highest number of clicks, and users tend to view them as the most relevant and trustworthy and will often click without checking the URL. Blackhat SEO tactics are used to obtain that ranking, such as packing the page content and meta tags with keywords (keyword stuffing), using private link networks to inflate the number of backlinks to the page, and artificially increasing click-through rates to game the search engine's ranking algorithms. Cloaking is also commonly used: the site serves search engine crawlers different content from that served to ordinary visitors who arrive via a clicked link, so the version the crawler indexes looks benign while real users receive the malicious page.
Malicious actors use SEO poisoning to target key search terms used by businesses or healthcare employees. Typosquatting may also be used to trick users into thinking they are on a legitimate website: registering domains that misspell brand names, or that substitute letters in the domain name with similar-looking numbers or special characters (a 1 for an l, or rn for m, for instance). Typosquatting also catches out careless typists, such as an individual who accidentally types Goole rather than Google, and the same technique can be used to register domains that resemble those of specific healthcare organizations.
Security awareness training programs often concentrate on teaching employees how to identify phishing attempts, but it is also important to cover other attack techniques such as SEO poisoning to reduce the risk of employees falling victim to these attacks. Technical measures that help prevent these attacks include web filters, which act as a gateway between users and the Internet: they block attempts to visit known malicious websites, analyze web content and apply filtering controls before a connection is established, and restrict access to certain categories of websites. HC3 also recommends using digital risk monitoring tools to identify typosquatting, such as tools that scan newly registered domains for similarities with the organization's brands or names.
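The domain-similarity scan HC3 recommends can be approximated with a short script. The following is an added example written for this page, not code from HC3's analyst note or from any vendor's product. The brand names, the list of owned domains and the "newly registered" feed are constructed for the demonstration, and Public Suffix List handling is deliberately omitted. It covers the typosquatting variants described above (misspellings, transposed letters, and look-alike character substitutions such as 1 for l or rn for m) and also flags registrations that embed the brand name.

```python
"""Screen a feed of newly registered domains for typosquats and lookalikes of
an organization's brand names. Added illustration, not HC3's or any vendor's
tool; the brand names, owned domains and domain feed below are constructed."""
from typing import Dict, List, Tuple

# Single-character substitutions attackers use because they look alike in many fonts.
SINGLE_HOMOGLYPHS: Dict[str, str] = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b", "|": "l", "!": "i",
}
# Multi-character substitutions that read as one letter at a glance.
MULTI_HOMOGLYPHS: Tuple[Tuple[str, str], ...] = (("rn", "m"), ("vv", "w"))


def normalize(label: str) -> str:
    """Lowercase, drop hyphens and fold homoglyphs so that 'examp1e-hea1th'
    and 'examplehealth' compare equal. Applied to brand and candidate alike,
    so a brand that legitimately contains 'rn' still compares consistently."""
    s = label.lower().replace("-", "")
    for seq, rep in MULTI_HOMOGLYPHS:
        s = s.replace(seq, rep)
    return "".join(SINGLE_HOMOGLYPHS.get(c, c) for c in s)


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insertions, deletions, substitutions and adjacent transpositions cost 1
    each, so 'exmaple' is distance 1 from 'example' rather than 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_label(domain: str) -> str:
    """Second-level label of a domain. Simplification: no Public Suffix List,
    so 'brand.co.uk' would yield 'co'; a production tool needs the PSL."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify(label: str, brand: str, max_edits: int) -> str:
    """Return a finding reason for this label against one brand, or '' if none."""
    norm, bnorm = normalize(label), normalize(brand)
    if label.lower() == brand.lower():
        return "same-label-other-tld"      # our name on a TLD we do not own
    if norm == bnorm:
        return "homoglyph"                 # differs only by look-alike characters
    dist = osa_distance(norm, bnorm)
    if dist <= max_edits:
        return f"typo (edit distance {dist})"
    if bnorm in norm:
        return "brand-embedded"            # e.g. brand + 'portal', 'login', 'patient'
    return ""


def screen(brands: List[str], owned: List[str], new_domains: List[str],
           max_edits: int = 2) -> List[Tuple[str, str, str]]:
    """Compare every newly registered domain with every brand; skip domains we own."""
    findings = []
    owned_set = {d.lower() for d in owned}
    for domain in new_domains:
        if domain.lower() in owned_set:
            continue
        label = registrable_label(domain)
        for brand in brands:
            reason = classify(label, brand, max_edits)
            if reason:
                findings.append((domain, brand, reason))
    return findings


# Constructed data for the demonstration (hypothetical organizations).
BRANDS = ["examplehealth", "mercyhospital"]
OWNED = ["examplehealth.com", "mercyhospital.org"]
NEW_DOMAINS = [
    "examplehealth.com",          # ours: skipped
    "examplehealth.co",           # same label, TLD we do not own
    "exmaplehealth.com",          # transposition
    "exampleheatlh.com",          # transposition
    "examp1ehealth.net",          # 1 for l
    "examplehealth-portal.org",   # brand plus a lure word
    "rnercyhospital.com",         # rn for m
    "unrelatedclinic.org",        # benign
]

if __name__ == "__main__":
    for domain, brand, reason in screen(BRANDS, OWNED, NEW_DOMAINS):
        print(f"{domain:28} ~ {brand:15} {reason}")
```

In practice the feed would come from a newly-registered-domain or certificate transparency source rather than a hard-coded list, and confirmed hits would be pushed to the web filter's blocklist and to whoever handles takedown requests. The edit-distance threshold should be tuned to label length: a distance of 2 against a short brand name will match many unrelated words, so short brands are better screened with the homoglyph and brand-embedded checks alone.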