Phishing attacks surge 450% as attackers exploit SEO

Phishing attacks have surged 450% in the past 12 months as attackers exploit search engine optimisation techniques to improve the ranking of malware files on popular search engines, according to research from Netskope.

The company’s latest Cloud and Threat Report found that some attackers are becoming increasingly adept at SEO, accelerating the use of search engines to deliver malware.

The majority of malware downloaded during the 12-month period was downloaded from within the same region as the victim, reflecting the increasing sophistication and targeted nature of malware attacks, the report found.

Attackers are using a combination of cloud apps and traditional websites to target their victims, with the former accounting for 47% of malware downloads to the latter’s 53%.

Meanwhile, although EXE and DLL files account for nearly half of all malware downloads, malicious Microsoft Office macros have fallen to pre-Emotet levels thanks in large part to the industry’s efforts to introduce proactive warnings and security controls.

“Malware is no longer confined to traditional risky web categories. It is now lurking everywhere, from cloud apps to search engines, leaving organisations at greater risk than ever before,” Netskope Threat Research Director Ray Canzanese said.

“To avoid falling victim to these social engineering techniques and targeted attack methods, security leaders must regularly revisit their malware protection strategy and ensure all possible entry points are accounted for.”

Image credit: ©stock.adobe.com/au/Andrey