Share
))
HBO and The Ringer's Bill Simmons hosts the most downloaded sports podcast of all time, with a rotating crew of celebrities, athletes, and media staples, as well as mainstays like Cousin Sal, Joe House, and a slew of other friends and family members who always happen to be suspiciously available.
…
continue reading
Manage episode 517675023 series 3625301
Content provided by Chatcyberside. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Chatcyberside or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
Attackers are poisoning search results and buying sponsored ads to push malware disguised as trusted software. In this episode, Sherri Davidoff and Matt Durrin break down the latest SEO poisoning and malvertising research, including the Oyster/Broomstick campaign that hid backdoors inside fake Microsoft Teams installers. Learn how these attacks exploit everyday user behavior, why they’re so effective, and what your organization can do to stop them.
Whether you’re a security leader, risk manager, or seasoned IT pro, you’ll walk away with clear, practical steps to reduce exposure and strengthen your defenses against the poisoned web.
KEY TAKEAWAYS
- Block and filter ad content at the enterprise level. Use enterprise web proxies, browser controls, and DNS filtering to block sponsored results and malicious domains tied to critical business tools or portals.
- Establish and enforce trusted download paths. Require that all software come from signed, verified, or internal repositories — not search results. Enforce application whitelisting so only verified executables can run — this blocks malicious installers even if a user downloads them.
- Incorporate poisoned-search scenarios into training and awareness materials. Teach staff to type trusted URLs, use bookmarks, or access internal portals directly rather than searching.
- Assess search behavior across your organization. Track how users find tools and portals — are they typing URLs, using bookmarks, or searching externally? Use this data to identify high-risk departments or roles and tailor awareness campaigns accordingly. Over time, shift culture toward safer, more deliberate browsing habits.
- Expand monitoring and detection. Hunt for persistence artifacts linked to poisoned-download infections, such as new scheduled tasks, DLL registrations, or rundll32.exe activity. Flag software installs originating from search-referral URLs in your EDR and SIEM.
- Conduct tabletop exercises that include search poisoning. Simulate incidents where employees download fake software or fall for poisoned ads. Practice tracing attacks back to SEO poisoning, identifying other potential victims, and developing plans to block future attacks through technical and policy controls.
Please like and subscribe for more cybersecurity content, and visit us at www.LMGsecurity.com if you need help with cybersecurity, training, testing, or policy development.
Resources & References
- Blackpoint Cyber SOC: Malicious Teams Installers Drop Oyster Malware
- BleepingComputer: Fake Microsoft Teams Installers Push Oyster Malware via Malvertising
- Netskope: Cloud & Threat Report 2025
- Netskope Press Release: Phishing Clicks Nearly Tripled in 2024
44 episodes
