Blue Coat Warns that ‘Search Engine Poisoning’ Poses Greater Threat to Internet Users than Email
Lack of awareness and predictable search behaviour are the reasons why this type of attack is becoming increasingly popular with cyber criminals
September 12, 2012 4:16 by Colin_Saldanha
Dubai, United Arab Emirates, August 15, 2012 – Contrary to popular belief, internet users are shown to be more at risk of downloading malicious content while using popular search engine websites such as Google, Bing and Yahoo than they are using email. New research conducted by Blue Coat Systems shows that a whopping 40 percent of the time users unwittingly find malware through poisoned search engine results. The same Blue Coat research shows email as a threat vector is a distant second at just 11.6 percent.
“Because users are well aware of the threat of email malware, they exercise a fair bit of caution while opening links, attachments and emails from unknown sources. Unfortunately these same users are far less suspicious of search engine results,” says Dave Ewart, Director of Product Marketing EMEA at Blue Coat Systems. “While using a search engine, we are mentally predisposed to click on things because we are exploring. Research has shown that users are most likely to click on one of the first few links that result from the search query. Cyber criminals are now exploiting this behaviour and by using the same techniques that legitimate organizations use for search engine optimization, they manage to have their tainted links listed high up in the search results.”
The research by Blue Coat also uncovered another surprising fact; it is not the search results for information about major news events or celebrities that are most likely to lead to tainted links. Broadly searched terms on mundane topics such as recipes and sample letters accounted for 42 percent of successful search engine poisoning attacks.
“While most organizations have warned users about the risks of malicious content turning up in response to popular web searches such as big world events, popular celebrity news, and other headline news events, our research into the actual success of these attacks has shown that it is the more commonly searched topics that pose the greatest risk. The reason for this is the ‘clutter factor’. With so many legitimate sites covering big events such as the Olympics, it is hard for cyber criminals to consistently get their pages into the top results where people might actually see and click on them,” says Ewart.
Since it is so difficult to penetrate the top ten search engine results with poisoned results on big events, the cyber criminals have shifted tactics to social networking, chiefly Facebook and Twitter. Many people use these sites as news sources for breaking news, so they are primed to be looking for content. These sites also have much less experience in filtering out bogus or dangerous content, so it is easier for attackers to exploit them.
Furthermore, the research shows that non-English Search Engine Poisoning (SEP) attacks consistently placed a higher number of poisoned links in the Top 10 results than English SEP attacks. Users therefore need to be wary of the domain names of the sites which turn up in their search results as there are higher possibilities of infection from domains such as .ru (Russia) and .cn (China).
About Blue Coat Systems
Blue Coat Systems provides Web security and WAN optimization solutions to 85 percent of FORTUNE Global 500 companies. As the market share leader in the secure web gateway market, Blue Coat sets the standard for enterprise security. Its solutions provide the visibility, protection and control required to optimize and secure the flow of information to any user, on any network, anywhere. For additional information, please visit www.bluecoat.com.
Blue Coat, ProxySG, WebPulse and the Blue Coat logo are registered trademarks or trademarks of Blue Coat Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners.
For more information, please contact:
Manal Abi Rafeh
Blue Coat Systems ME
Telephone: +971 4 3911620
Fax: +971 4 3911635
Email: manal.abirafeh@Blue Coat.com
Media Contact:
Colin Saldanha
PR Consultant
PROCRE8
Dubai – UAE
GSM: +971 (50) 6400762
Email: colin@procre8.biz
More on News
-
Red Hat Expands Technical Account Management Services to Offer SAP® Solution-centric Support
-
R&M’s New CSR Report Highlights Company’s Achievements in Advancing Ecological Efficiency and Social Accountability
-
NCoV – First report of patient-to-nurse spread
-
Struggling Singapore Airlines fights back
-
Saudi regulations target stock market speculators
-
Dubai’s Arqaam Capital Eyes South Africa, Saudi Expansion
-
U.S. Targets Two UAE Firms For Dealing With Blacklisted Iran Banks
-
Airbus officially picked by Kuwait Airways
-
ManageEngine Adds Auditing Capabilities to Exchange Reporter Plus
-
Pro Art Gallery to Host ‘‘Contemporary Turkish Art Exhibition’’
-
Turkish Airlines faces strike
-
Sabq.org celebrates 5th Anniversary – Honors DMS / Choueiri Group as key partners in success
-
Cassells Al Barsha Hotel is managed by Five Continents Hotels & Resorts
-
Nothing But Cruises
-
GMR reveals top 50 Mena Corporate Brands
-
HID Global Showcases Its Portfolio of Secure Identity Solutions at Cards and Payments 2013
-
Sixth National Technology Parade winners honored
-
ManageEngine Syncs Cloud Passwords
-
Rosie Napravnik Amongst International Stars Confirmed for the Dubai Duty Free Shergar Cup
-
Cheil Expands with New Experiential Department
Lately on Kipp
-
Dusting off the Emirates ID card
-
Turkish Airlines Can Ride Out Turbulence
-
Taking on Abercrombie & Fitch
-
Red Hat Expands Technical Account Management Services to Offer SAP® Solution-centric Support
-
R&M’s New CSR Report Highlights Company’s Achievements in Advancing Ecological Efficiency and Social Accountability
-
NCoV – First report of patient-to-nurse spread
