Another way to infect your business website

In a massive malicious SEO campaign, cybercriminals are promoting low-quality Q&A sites by redirecting visitors to fake discussion forums. As a result, almost 15,000 sites have been compromised.

In September 2022, researchers at Sucuri discovered the attacks. Each compromised site was found to contain approximately 20,000 files that were utilized in the search engine campaign.

Researchers believe that the goal of threat actors is to generate enough indexed pages in order for them to increase their authority in the search engines. This will enable them to rank higher as a result.

Primarily, the malware targets WordPress sites. The hackers modified the WordPress PHP files to inject redirects to fake Q&A discussion forms.

 

Very smart malicious code

The infected files contain malicious code that checks if website visitors are logged into WordPress. If not, the visitors are redirected to a Google search click URL that redirects them to the spam Q&A site.

The use of Google search click URLs is likely to increase performance metrics on URLs in the Google index. Thus, the sites appear popular, and web traffic is seen as more legitimate, possibly bypassing some security software.

Users who are logged in are excluded so that the threat actor doesn't raise suspicion by redirecting a site administrator.

While Sucuri couldn't identify the exact way the attackers breached the website that was used for redirects, it is likely that they exploited a vulnerable plugin or brute-forced the WordPress administrator password to access the website.

 

My perspective

Sucuri recommends that users secure their admin panel with two-factor authentication or other access restrictions to prevent becoming a victim. Furthermore, users should ensure that all software on their website is up-to-date and up-to-patched to the latest versions.

"You have brains in your head. You have feet in your shoes.
You can steer yourself any direction you choose." -Dr. Seuss

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak to your association