CAMBRIDGE, Mass., Jan. 12, 2016 /PRNewswire/ -- Akamai
Technologies, Inc. (NASDAQ: AKAM), the global leader in content
delivery network (CDN) services, issued today a new Web security
threat advisory from the company's Threat Research Division. Threat
Research has identified a sophisticated search engine optimization
(SEO) campaign that uses SQL injections to attack targeted
websites. Affected websites will distribute hidden Hypertext Markup
Language (HTML) links that confuse search engine bots and
erroneously impact page rankings. A full report detailing the
attack is available for download here
http://www.stateoftheinternet.com/seo-attacks
Overview
Over the course of a two week period in Q3
2015, Threat Research analyzed data gathered from the Akamai
Intelligent Platform™ and observed attacks on more than
3,800 websites and 348 unique IP addresses participating in the
various campaigns, revealing the following key findings:
- Evidence of mass defacement – when searching the
Internet for the HTML links that were used as part of this
campaign, Threat Research identified hundreds of web applications
containing these malicious links.
- Attacks manipulated search engine results – when
searching for a combination of common words such as "cheat" and
"story", it was apparent that the "cheating stories" application
appeared on the first page of the leading search engines.
- Analytics showcased impact of attacks– Threat Research
looked at Alexa analytics and the ranking of the "cheating stories"
application dramatically increased during the three month
span.
Search engines use specific algorithms to determine page
rankings and indexing for sites on the web, and the number and
reputation of links that redirect to the web application influence
these rankings. The SEO attackers created a chain of external links
that direct to stories of cheating and infidelity on the web to
mimic normal web content and impact search engine algorithms.
"The ability to manipulate page rankings is an enticing
proposition and business for attackers," said Stuart Scholly, Senior Vice President and
General Manager, Security Business Unit, Akamai. "If successful,
attacks can impact revenue and, most importantly, the reputation of
many organizations and companies using the Internet."
Mitigation
Attacks in the campaign have demonstrated a unique understanding
of search engine operations, and accordingly, Threat Research
recommends the following defense techniques:
For Web Application Developers
- Ensure that you have implemented proper input validation checks
for all user-supplied data that will be used within a back-end
database query. Reference:
https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet
- Only use prepared statements with parameterized queries when
constructing SQL queries based on user-supplied data. Reference:
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
For Web Application Defenders
- Deploy a Web Application Firewall (WAF) that is configured in a
blocking mode for SQL Injection attacks.
- Consider profiling and monitoring the HTML response body format
to help identify if there are significant changes such as an
increase in the number of web links.
Akamai continues to monitor ongoing SEO attack campaigns
leveraging SQL injection techniques. To learn more please download
a complimentary copy of the threat advisory at
http://www.stateoftheinternet.com/seo-attacks
About Akamai
As the global leader in Content Delivery Network (CDN) services,
Akamai makes the Internet fast, reliable and secure for its
customers. The company's advanced web performance, mobile
performance, cloud security and media delivery solutions are
revolutionizing how businesses optimize consumer, enterprise and
entertainment experiences for any device, anywhere. To learn how
Akamai solutions and its team of Internet experts are helping
businesses move faster forward, please visit www.akamai.com or
blogs.akamai.com, and follow @Akamai on Twitter.
Contacts:
|
Rob Morton
Media Relations
617-444-3641
rmorton@akamai.com
|
--or--
|
Tom Barth
Investor Relations
617-274-7130
tbarth@akamai.com
|
Logo -
http://photos.prnewswire.com/prnh/20100225/AKAMAILOGO
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/akamai-identifies-seo-web-application-attack-campaign-300202696.html
SOURCE Akamai Technologies, Inc.