Hackers Rediscover an Old Way to Make Money: Follow Trending Topics Like The Red Hen Restaurant
By LTC Steven Howard, U.S. Army (Ret.)
On June 27, the security firm Malwarebytes discovered that the website for The Red Hen restaurant may have been the victim of “spamdexing.” If The Red Hen sounds familiar, it is the Lexington, Virginia restaurant whose owner refused to serve White House Press Secretary Sarah Huckabee Sanders in June.
According to Malwarebytes, The Red Hen’s website homepage has had spam text injected into its HTML coding. To casual visitors, however, the site looks and runs normally as the code is “hidden.”
The spam text links in question send visitors to landing pages for various pharmaceuticals, including Viagra and Naltrexone. Since The Red Hen website is experiencing unusually high traffic due to the current news cycle, the threat actors are hoping to get a search engine boost from the compromised restaurant’s homepage.
How Did Hackers Gain Access to The Red Hen Website?
It is unclear how the hackers gained access to the website. The Red Hen website is hosted on WordPress, so it is possible that the hackers could have gained access through default admin credentials. It is even possible that the site’s webmaster was the unwitting victim of a basic phishing scheme.
Spamdexing Attack Short-Term Form of Income for Hackers
Regardless, this spamdexing attack points to a unique way to boost a hacker’s income: follow what is currently trending in the news. When a smaller, more vulnerable site like The Red Hen becomes the subject of national attention, spamdexing it is a surefire way to give a short-term SEO boost to sites that likely make the hacker money.
The real compromise here is that the hackers were able to gain access to the website’s content management system or the server itself via FTP. It’s likely that a small restaurant such as The Red Hen doesn’t have the resources or cybersecurity know-how to properly protect itself from attack.
The lesson to be learned here is to ensure that your organization is taking proper precautions against intrusions. Even if those precautions are as basic as education against phishing schemes, they can be helpful.