Tech Tidbit – Beware of SEO Poisoning

October 7th, 2024

I read an article today in which a judge declared that Google monopolized search.

Well, that is a big duh!

How long did it take the government to figure that out?

Today, I will not debate the merits of Google's status.

I have a far more serious security concern to discuss.

Over the years, I believe that Google has turned its previously beautiful search process into a free-for-all advertising campaign. You search for one thing, and a company (or a bad actor) has paid for something completely different to come up in the top search results. Often, you have to scroll way down to find traditional old-school Google results unpolluted by the paid results.

But the other serious problem is that bad actors have become experts at what is known as "SEO poisoning." They manipulate their keywords and results to drive their malware-laced links into the top 10 of the delivered search results. SEO poisoning is not unique to Google; any other search engine could have the same issues.

You go to Google and search for a download of a legitimate agent you need to install. Often the bad actor has created a fake page that looks exactly like the real page. AI has ensured that it is very hard to tell the real page from the fake one anymore. You think you have found what you want from the vendor you are dealing with. You dutifully fill out the contact page to get your desired download.

You start your download. Perhaps you hesitate, wondering if you are getting the right file from the right place. Your phone rings. It is the bad actor, claiming to be your desired vendor's tech support, saying they noticed you were having difficulty downloading from their site. They tell you they are here to help you get what you want and assist you in completing the download and install.

Do you believe them and accept their help as awesome tech support?

If so, then death comes quickly to your network.

This scenario is happening thousands of times a day. SEO poisoning combined with aggressive direct contact with the downloader is getting unsuspecting users to infect themselves at an alarming rate.

There are a few things you can do:

  • The FBI recommends installing an AdBlocker to block malicious ads. I like AdBlocker Plus, but there are many others.
  • Make sure you are using DNS filtering like Cisco Umbrella to trap out known malware links automatically.
  • Make sure you download only from your trusted vendor's site.
  • Ensure you are not using Bing or Google search engines to look up that site.
  • Put a strong email spam protection service in front of your email to protect you from malicious email links and the file attachments they contain.
  • Do not allow your users to have "local admin rights" so they can't install without assistance from your staff.
  • Make sure you have that UAC prompt challenge turned on so that any install attempts (regardless of rights) will prompt for elevated credentials.
  • I have mostly given up asking Google or Bing to search for anything for me. Instead, I use the free Microsoft Copilot to sift through all this noise and present me with actual meaningful data free of ads or garbage. I like Microsoft Copilot a lot.
  • Make sure the concept of SEO poisoning, and how to properly vet search results, is part of your Security Awareness Training (SAT).
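As an added example (not part of the original post), here is a PowerShell audit that checks the two workstation controls above: that UAC is on and actually demands elevated credentials, and that no ordinary user accounts hold local admin rights. It assumes an elevated PowerShell 5.1 or later session on the machine being checked and reads the standard UAC policy values under the Policies\System registry key.

```powershell
# Added audit script, not from the original post. Assumes an elevated
# PowerShell 5.1+ session on the workstation being checked.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey
$findings = @()

# EnableLUA = 1 means UAC is on at all; 0 means every elevation is silent.
if ($uac.EnableLUA -ne 1) {
    $findings += 'UAC is disabled (EnableLUA is not 1)'
}

# ConsentPromptBehaviorAdmin: 0 = elevate silently, 1 = credentials on the
# secure desktop, 2 = consent on the secure desktop, 3 = credentials,
# 4 = consent, 5 = consent for non-Windows binaries (the Windows default).
# Only 1 and 3 force an admin-token user to type a password; the consent
# values let an installer through with a single click.
if ($uac.ConsentPromptBehaviorAdmin -notin 1, 3) {
    $findings += "Admins are not asked for credentials on elevation " +
                 "(ConsentPromptBehaviorAdmin = $($uac.ConsentPromptBehaviorAdmin))"
}

# ConsentPromptBehaviorUser: 0 = deny elevation outright, 1 = credentials,
# 3 = credentials on the secure desktop. 0 is the strictest; 1 and 3 prompt.
if ($uac.ConsentPromptBehaviorUser -notin 0, 1, 3) {
    $findings += "Standard users are not challenged for credentials " +
                 "(ConsentPromptBehaviorUser = $($uac.ConsentPromptBehaviorUser))"
}

# PromptOnSecureDesktop = 1 keeps the prompt on the secure desktop so a
# running program cannot draw over it or click it on the user's behalf.
if ($uac.PromptOnSecureDesktop -ne 1) {
    $findings += 'UAC prompt is not shown on the secure desktop'
}

# Local admin rights: report every member of Administrators other than the
# built-in Administrator account, including nested domain groups.
$extraAdmins = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -notmatch '\\Administrator$' }
foreach ($member in $extraAdmins) {
    $findings += "Local admin rights: $($member.Name) ($($member.ObjectClass))"
}

if ($findings.Count -eq 0) {
    'OK: UAC enforces a credential prompt and no extra local admins found'
} else {
    $findings
}
```

Run it on a sample of workstations and feed the output into whatever you use for configuration drift; any line it prints is a machine on which a user can complete the install from the fake download page without a second set of credentials.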

If you need help putting DNS filtering in place or putting a strong email spam filtering service in front of your email environment, please call us.

-Scott Quimby, CISSP