Black Hat SEO: Why CMOs Must Care About Web App Security

SEO has a dark side that is a potential threat to CMOs’ websites, brands, and businesses.

Black Hat SEO: Why CMOs Must Care About Web App Security

If you read the Forbes blog “What CMOs Need to Know About SEO,”  by Josh Steimle, you learned about, or were reminded of, the importance of search engine optimization (SEO) in your marketing mix. But what you didn’t learn is that there is a dark side to SEO that many CMOs haven’t heard of and don’t know is a potential threat to their websites, their brands, and their businesses.

Black hat SEO is an aggressive use of tools and techniques to increase rankings while not obeying search engine guidelines. If discovered, search engines will remove the website from search engine rankings, but bad actors use these illegal methods for quick financial return, accomplished for example, by selling black hat SEO services to illicit websites that aren’t invested long term in their websites. The part that’s even scarier for CMOs is that black hat SEO has grown up and now victimizes legitimate sites using automated hacking techniques.

Our team of researchers at the Imperva Defense Center describe the findings in a new Hacker Intelligence Initiative (HII) Report, entitled: “Black Hat SEO: A Detailed Analysis of Illegal SEO Tactics.” The report details a long-running and still active illegal attack that has been exploiting vulnerabilities in thousands of legitimate websites to increase the SEO results for illicit or harmful websites. If you’re thinking that you should immediately protect your website against such attacks, you’re right!

As most CMOs know, one of the largest influencers of SEO page rank is how many other sites contain links back to a specific page and how highly the referring sites themselves are ranked. And there is significant monetary and brand value in having as many respectable and popular sites link to the promoted page as possible.

In the campaign studied in the HII Report, the attackers compromise websites or take over web applications to create unauthorized links that point back to their clients’ websites. In one example, our researchers found the attackers compromised the content management systems of vulnerable websites to create fake blogs with links pointing back to online pharmacies–and these are not the reputable ones–to increase the SEO rankings of the online pharmacies. The illegal SEO attack campaign identified by Imperva is persistent, lasts over many months, uses several types of attacks, and promotes dozens of websites–presumably those of the paying customers of the attacker–most of which are online pharmaceutical retailers or illicit adult websites.

Aside from possibly being banned from search engine rankings as a result of an SEO attack, there are other negative impacts on victim sites. For example, an attack could inject adult website links in the middle of a respectable website’s product catalog, break an application, infect website visitors with malware, or degrade search rankings. These are headaches that no CMO wants to deal with. Your time is better spent helping your sales teams sell more, faster.

In many ways SEO is your bread and butter. You spend significant time and money optimizing your websites and your content for SEO. Intrusions such as these impact that effort and degrade brand value. To get ahead of such threats, CMOs and marketers need to partner closely with their CISO and security teams to ensure best-of-breed protection for the sites that represent their companies and their product brands.