430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Crooks are abusing Google Search Console to remain under the radar

Experts at Sucuri revealed that cybercriminals are abusing Google Search Console to hide their presence in compromised websites, administrators are advised! Security experts at Sucuri firm have discovered cyber criminals are increasingly abusing legitimate webmaster tools (Google Search Console) for black hat SEO and hide their presence on compromised websites. The operation for crooks is […]

cosign

Experts at Sucuri revealed that cybercriminals are abusing Google Search Console to hide their presence in compromised websites, administrators are advised!

Security experts at Sucuri firm have discovered cyber criminals are increasingly abusing legitimate webmaster tools (Google Search Console) for black hat SEO and hide their presence on compromised websites.

The operation for crooks is quite simple, they just need to upload an HTML file provided by Google to the hijacked website.

Google Search Console

“When hackers get access to a website, it’s easy for them to create this file and verify themselves as an owner. Here is some further evidence from the forum:

  • Search Console Account Hacked: “An HTML verification file is being placed on my server in the root directory. I am not placing it there, and it’s not being placed there using my FTP account.”
  • Unauthorized verification of webmaster owners: “And in my site’s file manager, I spotted these whole verification HTML files just created recently, and I have deleted those unknown files.

Usually these files are being uploaded via vulnerabilities in web applications or via backdoors that hackers install after breaking into websites. That’s why deleting the file and changing FTP passwords is usually not enough” explained by Sucuri.

With this trick, cyber criminals don’t need to hack the legitimate owner’s Google account to assign their profile the status of “owner” in the Google Search Console.

Google allows each website to have multiple owners, but when a new one is verified, all the other owners receive a notification email. The email is sent to alert them and allow them to revoke the new ownership in case of abuses. The problem is that if the legitimate owners don’t see the notification email, the attacker can revoke their status of “verified” owner so that they no longer receive any notifications.

In this way, attackers can hide their presence and avoid Google’s threat detection systems.

As explained by Sucuri, the problem is related to the lack of notification to the legitimate owners when they have been unverified.

The researchers have discovered many forum posts from webmasters of various websites who noticed multiple new owners being added to their Google Search Console accounts.

The experts at security recommend webmasters to verify ownership of all their websites, including their subdomains, a prompt response is an effective defense against such attacks.

Experts at Sucuri suggested the following methods to avoid attackers to be able to easily unverify your account:

Unlike the HTML file and the Meta tag verification methods, these three require hackers to have access to your Google and domain name registrar accounts in order to be able to unverify you.

Pierluigi Paganini

(Security Affairs – Google Search Console, cybercrime)