March 22, 2017 By Mark Samuels 2 min read

Chronicles of site hacking continue to increase, and businesses must take steps to ensure their online properties are safe and secure.

Google recently reported hacked site numbers increased by about one-third (32 percent) through 2016. The search giant added it does not expect this trend to slow down this year, since cybercriminals become increasingly aggressive in their tactics.

Who Gets Hacked?

Google found that hacked sites are often affected in similar ways. One of the most popular methods of attack is the gibberish hack, where attackers create pages filled with keywords on a target site. These pages rank highly in search and can be used to redirect unsuspecting individuals to malicious content.

A second approach is the Japanese keywords hack, where attackers create Japanese text pages containing links to stores selling counterfeit goods. There is also the cloaked keyword attack, where pages appear to be part of an original, legitimate site but contain hidden links to dubious content.

Google expected the problem to increase further. In fact, the company suggested malicious actors will continue to capitalize on the internet by infecting more online properties as sites become outdated.

Staying Ahead of Attackers

Webmasters who fix problems via manual notification from Google can apply for a site review through a reconsideration request. Google reported as many as 84 percent of webmasters who apply for reconsideration successfully clean their sites.

However, webmasters will only receive a notification of infection if their sites are verified in Search Console, a free service that allows site owners to check site performance. Almost two-thirds (61 percent) of webmasters did not receive a notification from Google that their site was infected because they were not verified in Search Console.

Google encouraged site managers to register for Search Console, since the service remains the firm’s main communication channel for site health alerts.

How to Avoid Becoming a Hacked Site

IT managers and webmasters must be aware of the risk a hacked site poses. They should take preventative and proactive measures to keep errant individuals at bay.

The web has become the platform of choice for many attackers, and websites are not the only target. Experts have reminded developers to program defensively to prevent security bugs from cropping up in their online software. Security professionals should also be aware of vulnerabilities posted by connected Internet of Things (IoT) devices — ForeScout stated that some products can be compromised in as little as three minutes.

Google reminded webmasters that it is always best to take a preventative approach rather than having to deal with the aftermath of an attack. Site leaders should stay on top of updates from content management system providers as well as software and hardware vendors.

More from

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today