Phishing Scammers Benefit from Shady SEO Practices to Rank Better Than Legitimate Domains

Stu Sjouwerman | May 24, 2022

So-called “Black Hat SEO” services have popped up on Dark Web forums bringing advantageous search results to anyone willing to pay a small monthly fee.

According to security vendor Cybersixgill, threat actors are making use of services that exploit illegal SEO tactics using a combination of stuffing keywords, redirecting links from other sites and making use of paid links. Any domain – whether malicious or legitimate – that uses these techniques will eventually be delisted from search engines. But, because threat actors can change domains like the wind changes directions, making temporary use of the beneficial SEO rankings has become so popular that it’s now being offered as a service.

Now you may be thinking these “SEO experts” are playing by the same rules as regular companies – but that’s just not the case. According to Cybersixgill, an example domain for sale had a whopping 177,105 backlinks pointing to it – something not possible for a legitimate organization to accomplish (unless you're one of the Internet’s most popular websites).

The danger is that a high ranking gives threat actors the opportunity to appear for a seemingly benign search term – or even something very targeted to a specific company, industry, or area of research – that would lead someone within an organization to visit a malicious website and click on malicious links or download malicious files.

Good cyber hygiene best practices taught by Security Awareness Training involve only visiting known-safe websites (whether that’s based on the website being known to the user or because a security solution that scrutinizes domains and/or websites says it is). Be sure your users know about this problem; otherwise they may find out next time they run a search.

Topics: Phishing
