Brussels gives a leg up to OnlyFans scams: EU Commission cyber attack shows trend for ‘Black Hat’ hacks

Shameless hackers are targeting the world’s most prestigious organisations and governments to hijack their websites and use them to distribute spam and malicious links.

The practice, part of a strategy known as “Black Hat SEO”, has seen cyber criminals attempt to piggyback off the reputation of bodies like the World Health Organisation (WHO) and UNESCO. These organisations’ sites appear at the top of Google searches and have the highest domain authority, a measure of trust among search engines.

Last month an investigation by cybersecurity company NordVPN discovered the latest high-profile victim was the European Commission (EC), whose site was peppered with a host of illegal links including OnlyFans free subscriptions, movie streams and PlayStation gift cards.

Criminals had been hiding this treasure trove of spam on part of the Commission’s site dedicated to education, which allows organisations to create profiles to partner with schools across Europe.

By posing as an educational organisation they gained permission to post on the platform and then filled multiple profiles with keywords and PDF links to the illegal content. 

NordVPN contacted the European Commission about the security breach and most of the fake profiles have now been removed. However, they were part of the EC site for over a month, and in that time Google failed to spot the bogus links, so they appeared on the first page of hundreds of thousands of search results, giving the hackers a perfect shop window.

In 2018, hackers launched an attack on dozens of websites run by the UK government. The sites, which included web pages for NHS trusts and local councils, were found to contain software that harnessed the power of visitors’ computers to mine cryptocurrency. 

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, comments: “Opportunistic hackers are always happy to ride on the coat-tails of others to achieve their goals, and with Black Hat SEO — and the right website — they can hide malicious material in plain sight. 

“The lack of oversight and proper spam filters on high-profile official websites can be damaging because people have much greater trust in these platforms and are more likely to feel safe browsing them.  

“Malicious links, like those seen on the European Commission site, can harm unwary visitors in a variety of ways. Not only can they take them to other webpages where they can be scammed or access illegal content, but they can also infect their gadgets with malware, which steals their data or takes control over the entire device.

“We hope that the European Commission will fix this issue properly by bringing in an authentication system that stops these criminal attacks. In the meantime, it’s important to always stay cautious when clicking on a link, even on a trustworthy website, and use anti-malware tools like Threat Protection.”
