Malicious links still on EU Commission website as hackers change tactics

A security company flagged to the European Commission that cybercriminals used its official website to spread hundreds of malicious links. Twenty days on, the EU executive is still struggling to regain a firm grip on the situation.

On March 10, Nord Security, the company best known for NordVPN, detected that cybercriminals targeted the European Commission’s European School Education Platform to spread illegal streaming links, money, and premium account generators for numerous online services.

Nord Security’s findings included OnlyFans premium accounts, PlayStation Network gift cards, Fortnite dollar, and Cash App money generators.

“NordVPN contacted the European Commission about the security issue as soon as it was discovered,” the technology company said in a statement on Tuesday (March 28).

“The European Commission has not yet responded but has managed to remove most of the fake profiles on the website. However, this is still a significant problem as malicious actors have found a new way to exploit the website – by uploading PDF files with malicious links,” the statement reads.

A Commission spokesperson told EURACTIV that they are aware of the issue and continue working to solve it.

“We would like to thank all attentive experts and interested parties for helping us to identify such worrying and unfortunate abuse. We are working closely with all the concerned services to find the best solutions with the least possible disruption,” the Commission representative added.

Malicious links

The danger lies in the fact that users would not suspect malicious links to be posted on an official website like the one of the European Commission, leading them to online scams or illegal content.

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, noted that these links “can also infect users’ devices with dangerous malware, which steals their data or takes control of the entire device”.

Therefore, the company advises not to click on the links of the European Commission’s European School Education Platform and to use malware protection tools.

The Platform website allows schools and other educational organisations to create profiles to facilitate searching for partners across Europe.

Criminals took advantage of these features by impersonating educational institutions, filling their profiles with numerous keywords associated with illicit content, and leaving malicious links at the bottom of the profile.

This type of attack is known as ‘blackhat search engine optimisation’. They target government websites that rank high in Google searches because, in so doing, cybercriminals can easily avoid being blocked by search engines for malicious content.

“We hope that the European Commission will solve this problem as soon as possible by putting in place an authentication system that prevents criminal intervention,” Warmenhoven added.

Similarly, Google failed to spot fake profiles and PDF files on the government website and thus ranks them first in search results.

Other government organisations have seen similar attacks in the past. For instance, in September 2020, PDF files containing online game hacks were uploaded to the official websites of UNESCO and the World Health Organisation.

“Long-term solutions will require changes in the way we enable people to exchange with the Commission. We are proceeding as quickly as possible while ensuring that we continue to provide uninterrupted services to and exchange with citizens,” the Commission spokesperson said.