“Because users are well aware of the threat of email malware, they exercise a fair bit of caution while opening links, attachments and emails from unknown sources. Unfortunately these same users are far less suspicious of search engine results,” says Dave Ewart, Director of Product Marketing EMEA at Blue Coat Systems. “While using a search engine, we are mentally predisposed to click on things because we are exploring. Research has shown that users are most likely to click on one of the first few links that result from the search query. Cyber criminals are now exploiting this behaviour and by using the same techniques that legitimate organizations use for search engine optimization, they manage to have their tainted links listed high up in the search results.”
The research by Blue Coat also uncovered another surprising fact; it is not the search results for information about major news events or celebrities that are most likely to lead to tainted links. Broadly searched terms on mundane topics such as recipes and sample letters accounted for 42 percent of successful search engine poisoning attacks.
“While most organizations have warned users about the risks of malicious content turning up in response to popular web searches such as big world events, popular celebrity news, and other headline news events, our research into the actual success of these attacks has shown that it is the more commonly searched topics that pose the greatest risk. The reason for this is the 'clutter factor'. With so many legitimate sites covering big events such as the Olympics, it is hard for cyber criminals to consistently get their pages into the top results where people might actually see and click on them,” says Ewart.
Since it is so difficult to penetrate the top ten search engine results with poisoned results on big events, the cyber criminals have shifted tactics to social networking, chiefly Facebook and Twitter. Many people use these sites as news sources for breaking news, so they are primed to be looking for content. These sites also have much less experience in filtering out bogus or dangerous content, so it is easier for attackers to exploit them.
Furthermore, the research shows that non-English Search Engine Poisoning (SEP) attacks consistently placed a higher number of poisoned links in the Top 10 results than English SEP attacks. Users therefore need to be wary of the domain names of the sites which turn up in their search results as there are higher possibilities of infection from domains such as .ru (Russia) and .cn (China).
About Blue Coat Systems
Blue Coat Systems provides Web security and WAN optimization solutions to 85 percent of FORTUNE Global 500 companies. As the market share leader in the secure web gateway market, Blue Coat sets the standard for enterprise security. Its solutions provide the visibility, protection and control required to optimize and secure the flow of information to any user, on any network, anywhere. For additional information, please visit www.bluecoat.com.
Blue Coat, ProxySG, WebPulse and the Blue Coat logo are registered trademarks or trademarks of Blue Coat Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners.
For more information, please contact:
Manal Abi Rafeh
Blue Coat Systems ME
Telephone: +971 4 3911620
Fax: +971 4 3911635