Hackers are taking advantage of an old CMS editing tool for websites that have not been updated in a long time. They are using it to break into educational and government websites all over the world. Their goal is to mess with search results by sending people to dangerous websites or scams.
Open redirect is like leaving the front door of your website wide open for hackers.
They can sneak in, pretend to be you, and lead unsuspecting visitors straight into their trap. Imagine someone sending a fake email pretending to be from your company. The email has a link that looks legit because it has your domain name. But when people click on it, instead of going to your website, they end up on the hacker's site.
This sneaky trick works because the website changes the link without you realizing it. Sometimes, it is done by the website itself using fancy code. Other times, it is as simple as sending a secret message to the visitor's browser. Either way, it is bad news for your online reputation.
Imagine a scenario where there's a link on a website like this: "https://www.example.com/?redirect=". This link is supposed to take visitors to a specific webpage. But here is the catch: anyone can change that link to lead to whatever website they want. It is like having a signpost that can be tampered with to send people wherever someone pleases. That is what we call an open redirect.
Attackers exploit open redirects to perpetrate phishing schemes, distribute malware, or perpetrate scams under the guise of legitimate domains. Because these URLs originate from reputable sources, they often evade security measures implemented by various products.
When search engines index these redirects, they unintentionally make harmful links appear higher in search results.
This means that open redirects can be used to manipulate search engine rankings by using trusted websites to promote shady content for specific searches.
Attackers exploit open redirects on trusted domains to conduct phishing, distribute malware, or scam users. These redirects bypass security filters and can rank malicious content higher in search results. Despite their risks, major companies may not prioritize fixing them unless they lead to more severe vulnerabilities.
@g0njxa, a cybersecurity researcher, uncovered a troubling malicious redirect campaign targeting university websites. This campaign exploits open redirect flaws associated with FCKeditor, a now outdated web text editor. Despite FCKeditor being replaced by the more modern CKEditor in 2009, many institutions still use the vulnerable version.
@g0njxa identified several prominent institutions impacted by the malicious redirect campaign, including MIT, Columbia University, and government websites in Virginia and Spain. Despite these warnings, the software developer's response underscores the urgency of transitioning away from FCKeditor, which has been obsolete since 2010. This highlights the critical need for adopting more secure alternatives.
