Off-the-shelf tools give attackers everything they need to build authentic-looking phishing campaigns
Organizations must understand the tools used by cyber-scammers if theyre to tackle the growing phishing threat, according to a white paper that examines the DIY kits that are driving the phenomenon.
Written by threat intelligence firm ZeroFOX, The Anatomy of a Phishing Kit explores the phishing kit business model and ecosystem, which make the process so easy that even the least capable of scammers is able to pull off a phishing campaign.
Small-time cybercriminals need not manage their own infrastructure or design their own scams, thanks to the growing prevalence of readymade phishing kits.
These off-the-shelf tools give attackers everything they need to build an authentic-looking website and lure victims into entering sensitive personal information via emails or social media posts purporting to come from trusted sources.
To install the kit, wannabe cybercriminals set up a dropper email inbox, and sometimes a Telegram channel, ZeroFOX researchers said.
They then configure the kit to send results to droppers; buy infrastructure via web hosts, domains, or compromised websites; and unzip a file containing the kit onto a target machine.
Operators then spam the phishing kit URL, usually via SMS, email, or social media.
The research focuses on sophisticated vendors that emulate the licensing model used by legitimate Software-as-a-Service (SaaS) vendors, rather than unlicensed or cracked kits.
These premium vendors typically provide technical support via social media or slick tutorial videos hosted on the dark web or anonymous chat applications.
RELATED Healthcare email hack exposes 78,000 cardiovascular patients data
Via administrator dashboards, users can access detailed logs of visits to their malicious sites and the sensitive information disclosed, as well as training guides and other tools.
If their phishing sites are identified as malicious and taken down, attackers can quickly set up new domains to minimize downtime.
Easy-to-configure letters emails that spoof legitimate organizations are also available from vendors, as well as from phishing communities found on social media, chat apps, or invite-only forums.
Phishing kits are helping to fuel a rise in email and social media scams
In response to growing demand, the number of phishing kits advertised on underground cybercrime marketplaces doubled, while prices jumped from $122 to $304, between 2018 and 2019, according to Group-IB research dissected by The Daily Swig.
And Akamai reported in April that phishing kits were being repurposed to target a newly dispersed workforce during the Covid-19 pandemic.
The greater availability and market of the kits definitely contributes to the overall increase in phishing activity, Zack Allen, director of threat operations at ZeroFOX, tells The Daily Swig.
With browser-based exploits having been almost eliminated by the latest browser security features, the money in malicious websites specifically is almost exclusively in phishing now.
The ZeroFOX Alpha Team found that the price of phishing kits invariably paid in cryptocurrency appeared to be roughly pegged to the popularity of the targeted sectors.
The most widely imitated sectors according to the latest phishing figures(PDF) from the Anti-Phishing Working Group SaaS/webmail (accounting for 33.5% of campaigns), financial institutions (19.4%), and payment platforms (13.3%) were also targeted by the most expensive licensed kits.
It is clear that financial institutions offer lucrative opportunities for attackers to profit due to the nature of financial transactions and inherent trust built between financial consumers and the institutions themselves, said the ZeroFOX researchers.
Read more of the latest cybersecurity research news
SaaS/webmail kits, meanwhile, could be used by spammers to do additional pivots through email in order to obtain access to accounts owned by the victim.
Kits that spoofed social media companies (only accounting for 8.3% of campaigns) and cloud storage vendors (3.9%) were priced for the cash-strapped cybercrook and often circulated for free.
Organizations must ramp up their counter-phishing efforts in the face of proliferating, increasingly well-equipped enemies, suggests Zack Allen.
In some ways, its a lot harder to catch phishing pages due to the use of kits, he explains.
The latest innovations include geo-fencing victims to a particular region of the world, as well as only allowing mobile users to view the site. This is typically a result of an actor who can configure and code these kits for their own use, but since its now consumer-focused, much less-sophisticated operators can use these features.
Organizations should defend against an ecosystem rather than just a link in an email, advises the white paper.
Analyzing the kits, the developers behind the kits as well as the TTPs of the operators can provide a cybersecurity team a holistic view of who and what they are combating, the report states.
READ MORE Ledger data breach impacts one million users, hardware wallet funds are safe
Follow this link:
- Green with Envy | How to Spot an Eco-Snob | Part III - November 8th, 2009 [November 8th, 2009]
- EcoLogo - November 8th, 2009 [November 8th, 2009]
- 5 Ways to Green Your Exercise Routine - November 8th, 2009 [November 8th, 2009]
- Seed Bombs - November 8th, 2009 [November 8th, 2009]
- Guerrilla gardening - November 8th, 2009 [November 8th, 2009]
- Green Your Morning Routine - November 8th, 2009 [November 8th, 2009]
- Environmental Benefits of Telecommuting - November 8th, 2009 [November 8th, 2009]
- Safeway Sponsors Portland Community Cleanup - November 8th, 2009 [November 8th, 2009]
- Electric Vehicle Race - November 8th, 2009 [November 8th, 2009]
- Portland Bridge Pedal 2009 - November 8th, 2009 [November 8th, 2009]
- E-waste in Oregon - November 8th, 2009 [November 8th, 2009]
- Bike Sharing in Portland - November 8th, 2009 [November 8th, 2009]
- Bucks for the Bay Challenge - November 8th, 2009 [November 8th, 2009]
- Drive to Make a Difference with MyMPG - November 8th, 2009 [November 8th, 2009]
- Bathroom Sprayers - Green your Toilet Routine - November 8th, 2009 [November 8th, 2009]
- Ubuntu OS can Save Energy - November 8th, 2009 [November 8th, 2009]
- Green Metropolis, David Owen - November 8th, 2009 [November 8th, 2009]
- Sustainable Pens: GLO Pens - November 8th, 2009 [November 8th, 2009]
- International Day of Climate Action - November 8th, 2009 [November 8th, 2009]
- Donate to Oregon Toxics Alliance - November 8th, 2009 [November 8th, 2009]
- Biomass Energy Generation Myths - November 8th, 2009 [November 8th, 2009]
- Crude The Real Price of Oil | Playing in Portland - November 8th, 2009 [November 8th, 2009]
- Pictures From 350 Climate Day in Portland - November 8th, 2009 [November 8th, 2009]
- Arcimoto Electric Vehicles in Oregon - November 8th, 2009 [November 8th, 2009]
- Urban Rooftop Wind Turbines - November 8th, 2009 [November 8th, 2009]
- Chromium 6 Emissions from ESCO in Portland - December 13th, 2009 [December 13th, 2009]
- Food Inc. Review - December 19th, 2009 [December 19th, 2009]
- Making Maps with Google Earth and Google Maps by Shane Bradt of the University of New Hampshire Cooperative Extension - March 23rd, 2010 [March 23rd, 2010]
- Demonstration of Miradi 3.1 by Nick Salafsky of Foundations of Success - March 23rd, 2010 [March 23rd, 2010]
- Advanced Mashups – KML and the Mapping API by Cary Chadwick of the University of Connecticut Center for Land Use Education and Research - March 23rd, 2010 [March 23rd, 2010]
- Demonstration of InVEST by Heather Tallis of the Natural Capital Project - March 23rd, 2010 [March 23rd, 2010]
- GIS Maps Online by Emily Wilson of the University of Connecticut Center for Land Use Education and Research - March 23rd, 2010 [March 23rd, 2010]
- From ArcGIS to Web Maps: Simple Techniques for Publishing GIS Maps Online by Emily Wilson of the University of Connecticut Center for Land Use Education and Research - March 25th, 2010 [March 25th, 2010]
- Demonstration of Marine InVEST by Anne Guerry of the Natural Capital Project - March 31st, 2010 [March 31st, 2010]
- Eliminate and Decrease Styrofoam - March 31st, 2010 [March 31st, 2010]
- Portland Plans to Spend $600 million on Master Bike Plan - April 2nd, 2010 [April 2nd, 2010]
- (Webinar in Spanish) Demostración sobre Vista 2.5 de NatureServe en línea (Webinar) por Ian Varley, Carmen Josse, y Alexandra Sanchez de Lozada de NatureServe. - April 6th, 2010 [April 6th, 2010]
- Using and Adding Your Content to Google Ocean by Charlotte Vick, Google Content Manager of Mission Blue - April 13th, 2010 [April 13th, 2010]
- End Paper Receipts - May 1st, 2010 [May 1st, 2010]
- Demonstration of CanVis by Chris Haynes of NOAA Coastal Services Center - May 6th, 2010 [May 6th, 2010]
- Demonstration of HD.gov Web Portal by Jeff Adkins from NOAA Coastal Services Center - May 13th, 2010 [May 13th, 2010]
- Demonstration of Ecosystem Assessment and Reporting Tool by Steve Schill of The Nature Conservancy - May 13th, 2010 [May 13th, 2010]
- Demonstration of Version 2.0 of the Multipurpose Marine Cadastre by Adam Bode and Brian Smith of NOAA Coastal Services Center - May 17th, 2010 [May 17th, 2010]
- CRUDE Filmmakers Subpoenaed by Chevron - May 22nd, 2010 [May 22nd, 2010]
- Demonstration of the Digital Coast Coastal Inundation Toolkit by Steph Beard, Jodie Sprayberry and Billy Brooks of NOAA Coastal Services Center - May 25th, 2010 [May 25th, 2010]
- Presentation on the Creating Resilient Communities EBM Tool Demonstration Project by Jocelyn Hittle of PlaceMatters - June 10th, 2010 [June 10th, 2010]
- Presentation on Economic Data Needed for EBM by Linwood Pendleton of Duke University - October 11th, 2010 [October 11th, 2010]
- Recycling Water - October 16th, 2010 [October 16th, 2010]
- ODOT Partners with Oregon Toxics Alliance to Reduce Pesticides - October 17th, 2010 [October 17th, 2010]
- Goats Hired to Mow Portland Lot - October 17th, 2010 [October 17th, 2010]
- A World of Health: Connecting People, Place, and Planet - October 17th, 2010 [October 17th, 2010]
- Alternative Recycling Options - October 17th, 2010 [October 17th, 2010]
- No More Bullying the Bull Trout - October 17th, 2010 [October 17th, 2010]
- 1000+ EV Charging Stations Slated for Oregon I-5 Corridor - October 17th, 2010 [October 17th, 2010]
- The Vertical Farm Concept - October 17th, 2010 [October 17th, 2010]
- Blog Action Day 2010 | Water - October 17th, 2010 [October 17th, 2010]
- Eco Districts - October 24th, 2010 [October 24th, 2010]
- Will The Nissan Leaf Thrive? - October 24th, 2010 [October 24th, 2010]
- A Green Railroad - October 24th, 2010 [October 24th, 2010]
- Biomass is not Oregon's clean-energy future as currently promoted - October 24th, 2010 [October 24th, 2010]
- Electrified Parking Spaces - October 24th, 2010 [October 24th, 2010]
- Tree Planting - October 24th, 2010 [October 24th, 2010]
- Three Tips to Reduce Your Carbon Footprint and Live Longer. - October 24th, 2010 [October 24th, 2010]
- Biomass is not Oregon’s clean-energy future as currently promoted - October 31st, 2010 [October 31st, 2010]
- Rail~Volution - October 31st, 2010 [October 31st, 2010]
- Green Streets Initiative - October 31st, 2010 [October 31st, 2010]
- Mayor Kitty Piercy and Envision Eugene - November 7th, 2010 [November 7th, 2010]
- The Willamette River Transit Bridge - November 13th, 2010 [November 13th, 2010]
- Collaborative Learning and Land Use Tools to Support Community Based Ecosystem Management by Chris Feurt of the Wells National Estuarine Research Reserve - November 14th, 2010 [November 14th, 2010]
- Portland Federal Building Begins Green Makeover - November 14th, 2010 [November 14th, 2010]
- Vestas’ New HQ in Portland Shoots for LEED Platinum - November 14th, 2010 [November 14th, 2010]
- College Degrees to Get You in the Environmental Field - November 14th, 2010 [November 14th, 2010]
- Demonstration of openNSPECT, an Open Source Version of the Nonpoint-Source Pollution and Erosion Comparison Tool by Dave Eslinger of NOAA Coastal Services Center - February 14th, 2011 [February 14th, 2011]
- Demonstration of EMDS by Keith Reynolds of the US Forest Service - February 14th, 2011 [February 14th, 2011]
- Demonstration of Habitat Priority Planner by Chrissa Waite and Danielle Bamford of NOAA Coastal Services Center - February 14th, 2011 [February 14th, 2011]
- Presentation on the Coastal Adaptation to Sea Level Rise Tool (COAST) by Sam Merrill of the New England Environmental Finance Center - February 14th, 2011 [February 14th, 2011]
- Presentation on the Coastal and Marine Ecological Classification Standard by Kathy Goodin of NatureServe - February 14th, 2011 [February 14th, 2011]
- Demonstration of Coral Reef Scenario Evaluation Tool (CORSET) by Jessica Melbourne-Thomas of the University of Tasmania - February 14th, 2011 [February 14th, 2011]
- Demonstration of Multi-scale Integrated Models of Ecosystem Services (MIMES) by Roel Boumans and David McNally of AFORDable Futures LLC - February 14th, 2011 [February 14th, 2011]
- Creating Life in the Desert - February 14th, 2011 [February 14th, 2011]