Switzerland: NCSC addresses websites hacked for search engine optimisation
The National Cyber Security Centre ('NCSC') addressed, on 10 January 2023, hacked websites exploited for search engine optimisation, as part of its summary of the 559 reports it had received in the first week of 2023. In particular, the NCSC provided that the number of reports on cyber incidents remained at similar levels to previous weeks, but that dubious search engine results stood out, with one report highlighting that numerous websites were hacked with the aim of tricking Google's search algorithm. More specifically, the NCSC outlined that the attacks were a case of search engine optimisation, with attacks injecting malicious code into websites to trick Google and subsequently improve the website's ranking, and therefore reach more users.
Accordingly, the NCSC issued the following recommendations for website operators:
- attacks on content management systems can be reduced dramatically by promptly installing security patches;
- in addition to normal authentication (username and password) for accessing the administration area, the NCSC recommends the use of two-factor authentication; and
- administrator access should be restricted to the IP addresses used by the administrator
You can read the statement here.