Off-the-shelf tools give attackers everything they need to build authentic-looking phishing campaigns
Organizations must understand the tools used by cyber-scammers if theyre to tackle the growing phishing threat, according to a white paper that examines the DIY kits that are driving the phenomenon.
Written by threat intelligence firm ZeroFOX, The Anatomy of a Phishing Kit explores the phishing kit business model and ecosystem, which make the process so easy that even the least capable of scammers is able to pull off a phishing campaign.
Small-time cybercriminals need not manage their own infrastructure or design their own scams, thanks to the growing prevalence of readymade phishing kits.
These off-the-shelf tools give attackers everything they need to build an authentic-looking website and lure victims into entering sensitive personal information via emails or social media posts purporting to come from trusted sources.
To install the kit, wannabe cybercriminals set up a dropper email inbox, and sometimes a Telegram channel, ZeroFOX researchers said.
They then configure the kit to send results to droppers; buy infrastructure via web hosts, domains, or compromised websites; and unzip a file containing the kit onto a target machine.
Operators then spam the phishing kit URL, usually via SMS, email, or social media.
The research focuses on sophisticated vendors that emulate the licensing model used by legitimate Software-as-a-Service (SaaS) vendors, rather than unlicensed or cracked kits.
These premium vendors typically provide technical support via social media or slick tutorial videos hosted on the dark web or anonymous chat applications.
RELATED Healthcare email hack exposes 78,000 cardiovascular patients data
Via administrator dashboards, users can access detailed logs of visits to their malicious sites and the sensitive information disclosed, as well as training guides and other tools.
If their phishing sites are identified as malicious and taken down, attackers can quickly set up new domains to minimize downtime.
Easy-to-configure letters emails that spoof legitimate organizations are also available from vendors, as well as from phishing communities found on social media, chat apps, or invite-only forums.
Phishing kits are helping to fuel a rise in email and social media scams
In response to growing demand, the number of phishing kits advertised on underground cybercrime marketplaces doubled, while prices jumped from $122 to $304, between 2018 and 2019, according to Group-IB research dissected by The Daily Swig.
And Akamai reported in April that phishing kits were being repurposed to target a newly dispersed workforce during the Covid-19 pandemic.
The greater availability and market of the kits definitely contributes to the overall increase in phishing activity, Zack Allen, director of threat operations at ZeroFOX, tells The Daily Swig.
With browser-based exploits having been almost eliminated by the latest browser security features, the money in malicious websites specifically is almost exclusively in phishing now.
The ZeroFOX Alpha Team found that the price of phishing kits invariably paid in cryptocurrency appeared to be roughly pegged to the popularity of the targeted sectors.
The most widely imitated sectors according to the latest phishing figures(PDF) from the Anti-Phishing Working Group SaaS/webmail (accounting for 33.5% of campaigns), financial institutions (19.4%), and payment platforms (13.3%) were also targeted by the most expensive licensed kits.
It is clear that financial institutions offer lucrative opportunities for attackers to profit due to the nature of financial transactions and inherent trust built between financial consumers and the institutions themselves, said the ZeroFOX researchers.
Read more of the latest cybersecurity research news
SaaS/webmail kits, meanwhile, could be used by spammers to do additional pivots through email in order to obtain access to accounts owned by the victim.
Kits that spoofed social media companies (only accounting for 8.3% of campaigns) and cloud storage vendors (3.9%) were priced for the cash-strapped cybercrook and often circulated for free.
Organizations must ramp up their counter-phishing efforts in the face of proliferating, increasingly well-equipped enemies, suggests Zack Allen.
In some ways, its a lot harder to catch phishing pages due to the use of kits, he explains.
The latest innovations include geo-fencing victims to a particular region of the world, as well as only allowing mobile users to view the site. This is typically a result of an actor who can configure and code these kits for their own use, but since its now consumer-focused, much less-sophisticated operators can use these features.
Organizations should defend against an ecosystem rather than just a link in an email, advises the white paper.
Analyzing the kits, the developers behind the kits as well as the TTPs of the operators can provide a cybersecurity team a holistic view of who and what they are combating, the report states.
READ MORE Ledger data breach impacts one million users, hardware wallet funds are safe
Follow this link:
- The infrastructure of Kick Ecosystem - hackernoon.com - September 25th, 2020
- Humans Destroyed Intact Ecosystem Land the Size of Mexico in Just 13 Years - EcoWatch - September 25th, 2020
- This is the size of undisturbed ecosystems lost in 13 years - World Economic Forum - September 25th, 2020
- maurices Partners with TCS to Build Greenfield IT Ecosystem for its Growth and Transformation - PRNewswire - September 25th, 2020
- Helping the UN Guide Ecosystem Restoration Into the Mainstream - CSRwire.com - September 25th, 2020
- Don't eat the rainforests: Top brands complicit in Indonesia's ecosystem destruction, probe alleges - Down To Earth Magazine - September 25th, 2020
- Colombia: Cross Border Tech Innovation and Ecosystem building - PRNewswire - September 25th, 2020
- The DNS Ecosystem, Its Vulnerabilities, and Threat Mitigations - CircleID - September 25th, 2020
- Scaling Up The Start-up Ecosystem Recommendations Of Standing Committee On Finance - Finance and Banking - India - Mondaq News Alerts - September 25th, 2020
- VR AR Content Creation Ecosystem Market will Register a Significant CAGR During Period 2020-2026 | 18.5% CAGR| Know the Companies List Could... - September 25th, 2020
- Why the new farm Bills should excite the advertising ecosystem - Business Standard - September 25th, 2020
- The Launching Ceremony for XnMatrix Wrapped Up, the Next Generation of Cloud Computing Eco-System Sets Sail - AiThority - September 4th, 2020
- Why Harmless Harvest takes an ecosystem-based approach to business - New Hope Network - September 4th, 2020
- An 'Ecosystem' Has Propelled NYC Life Sciences Over The Past 5 Years - Bisnow - September 4th, 2020
- BorgWarner expands collaboration with startup ecosystem Plug and Play - Automotive World - September 4th, 2020
- 'Drilling Would Have Devastating Impacts on This Fragile Ecosystem' - FAIR - September 4th, 2020
- Jellypipe launches its online AM ecosystem in the UK and Ireland - Metal Additive Manufacturing magazine - September 4th, 2020
- A Burgeoning Robotic Ecosystem Is Reshaping the Business Landscape - IoT World Today - September 4th, 2020
- New approach needed to protect health of Californias rivers - CALmatters - September 4th, 2020
- Ricoh unveils new AI-powered digital transformation ecosystem to drive Workflow and Process Automation - PRNewswire - September 4th, 2020
- Global mHealth Ecosystem Market Size, Comprehensive Analysis, Development Strategy, Future Plans and Industry Growth with High CAGR by Forecast 2025 |... - September 4th, 2020
- IoT Ecosystem Creates an Optimized Smart Warehouse - The Union Journal - September 4th, 2020
- Eight Startups That Could Transform The Aviation Ecosystem - Aviation Week - September 4th, 2020
- TRON and Band Protocol Form Strategic Partnership; Scalable Oracle Technology and Ecosystem Integrations Underway - Business Wire - September 4th, 2020
- The Eight Startups That Could Transform The Aviation Ecosystem - Aviation Week - September 4th, 2020
- Eisai will shift U.S. HQ to New Jersey 'bio-ecosystem' in move to boost oncology, neurology portfolios - FiercePharma - August 12th, 2020
- What is an entrepreneurial ecosystem? And why you need one to raise a startup - TNW - August 12th, 2020
- Thales Expands Technology Partner Ecosystem to Accelerate Enterprises' Cloud and Digital Transformation Initiatives - Business Wire - August 12th, 2020
- Navajo Nation and Environmental Groups Oppose Dam Project Impacting Grand Canyon Ecosystem - Between The Lines - August 12th, 2020
- Alchemy Goes Public With Developer Platform in Bid to Grow DeFi Ecosystem - CoinDesk - CoinDesk - August 12th, 2020
- ScamNation Report Profiles Digital Ecosystem Targeting Readers of False, Hyperpartisan News with COVID-19 Subscription Traps - GlobeNewswire - August 12th, 2020
- Ecosystem Services: Nature's Gifts That Help Us Thrive | Earth 911 - Earth911.com - August 12th, 2020
- How an entrepreneur saved Kerala wetland ecosystem from real estate interest - Down To Earth Magazine - August 12th, 2020
- QDX HealthID Signs Distribution Agreement with Innova Medical Group Inc. Adding Antigen, Molecular and Antibody Tests to its COVID-19 Test Ecosystem -... - August 12th, 2020
- 5 VCs on the future of Michigans startup ecosystem - TechCrunch - August 12th, 2020
- VCIA: blockchain-based ecosystem will shape digital future of captive industry - Captive Insurance Times - August 12th, 2020
- Microsoft and Samsung need each other now more than ever - The Verge - August 12th, 2020
- "ScamNation" Report Profiles Digital Ecosystem Targeting Readers of False, Hyperpartisan News with COVID-19 Subscription Traps - Benzinga - August 12th, 2020
- "Transitioning to future with stronger APAC healthcare ecosystem" - BSA bureau - August 12th, 2020
- BBT is the first and most competitive game ecosystem - GameDev.net - August 12th, 2020
- Purple urchin has overrun kelp forests, commercial divers and conservationists have have joined forces to restore the North Coasts marine ecosystem -... - August 12th, 2020
- Four Altcoins Could Break Out As Ethereum-Based Ecosystem Goes Parabolic, According to Messari Researcher - The Daily Hodl - August 12th, 2020
- Samsung Unveils Five New Power Devices in the Galaxy Ecosystem to Empower Your Work and Play - Samsung Global Newsroom - August 10th, 2020
- Google Cloud partner ecosystem is thriving and valuable to partner companies, says IDC - TechRepublic - August 10th, 2020
- Global Forecasts for the Intelligent Transportation System Market to 2025 with COVID-19 Impact Analysis by Offering, System, Application, and... - August 10th, 2020
- Diversity & Inclusion in Investment Management: SEC Explores Creating a More Inclusive Capital Formation Ecosystem - JD Supra - August 10th, 2020
- New Marine Park in Australia's Northern Territory Protects a Flourishing Ecosystem - The Pew Charitable Trusts - August 10th, 2020
- Ecosystem of innovation - The News International - August 10th, 2020
- Chehalis River: Watershed Helath, Climate Resilience, and Ecosystem Restoration - The Columbian - August 10th, 2020
- CerebrumX Launched - Buckling Up the Car Data Monetization Ecosystem for the Exciting Ride Ahead - PRNewswire - August 10th, 2020
- Vinli Hires George Ayres as Executive Vice President of Partnerships to Drive the Future of Its Connected Vehicle Ecosystem - PRNewswire - August 10th, 2020
- 6 Ways to Build the Healthcare System of the Future - HealthLeaders Media - August 10th, 2020
- How The Chinese Open Source Ecosystem Is Thriving And Advancing AI - Analytics India Magazine - August 10th, 2020
- Best of BS Opinion: Indias digital ecosystem, beyond Ayodhya, and more - Business Standard - August 10th, 2020
- How can Canadas performing arts ecosystem change in the face of COVID-19? - The Globe and Mail - August 10th, 2020
- yEarn Expanding its Ecosystem to Bring in Hot DeFi Tokens into the Mix - Bitcoin Exchange Guide - August 10th, 2020
- What is the current state of the UAE's startup ecosystem? - Gulf Business News - August 10th, 2020
- COVID-19 Impact & Recovery Analysis - Commercial Vehicle Advanced Emergency Braking System (AEBS) Market (2020-2024) | Integration of Advanced... - August 10th, 2020
- Global Connected Cow and Farm Market Report 2020: Market Size, Forecasts, Insights and Opportunities to 2025 - ResearchAndMarkets.com - Business Wire - August 10th, 2020
- Alabama Mercedes plant among first in world to use innovative production system - Alabama NewsCenter - August 8th, 2020
- Enhanced efficiency thanks to new family of applications: Digital Mercedes-Benz production ecosystem MO360: global production networked in real time -... - August 8th, 2020
- Peril in the hills: Extreme weather a danger for Nilgiri ecosystem - Down To Earth Magazine - August 8th, 2020
- IPL returns but will be played in UAE; Indian cricket ecosystem loses out - The Times of India Blog - August 8th, 2020
- The Giant Panda Is a Conservation Icon, But The Success Story Masks a Dark Truth - ScienceAlert - August 7th, 2020
- This mobile game lets you build ecosystems that will help solve real-world ecological problems - Fast Company - August 7th, 2020
- BigPanda Invests in Partner Ecosystem to Deliver on Customer Demand for Improved IT Operations - GlobeNewswire - August 7th, 2020
- The IoT Community Internet of Things Community Announces Phizzle Has Joined Its Elite IoT Ecosystem as a Gold Level Corporate Member - Business Wire - August 7th, 2020
- COVID-19 Impacts: Clinical Trial Management System Market Will Accelerate at a CAGR of Almost 11% Through 2020-2024 | Increasing Outsourcing of... - August 7th, 2020
- The AR/VR ecosystem Are we there yet? - VentureBeat - August 4th, 2020
- Spixii Joins Duck Creek Technologies Partner Ecosystem, Offering Award-Winning Claim Solution to Deliver on Customer Expectations at the Moment of... - August 4th, 2020
- Addressing the potential impact of coronavirus disease (COVID-19) on The Wearable Technology Ecosystem Market: Quantitative Analysis from 2018 to 2030... - August 4th, 2020
- India Gaming Summit 2020: How Dream11 plans to build the esports ecosystem from the bottoms up - The Financial Express - August 4th, 2020
- Huawei Ecosystem has gone beyond the heights with 1.6 M Global Developers - - Technology Times Pakistan - August 4th, 2020
- Opinion | How to make online payments bustle with competition - Livemint - August 4th, 2020
- Building ecosystems is hard. Auditing them is worse. - Stacey on IoT - August 4th, 2020
- AB 3030 fails to recognize marine protections that exists in California - CALmatters - August 4th, 2020
- VoLTE (Voice over LTE) Ecosystem Industry Market Professional Survey 2020 by Manufacturers, Share, Growth, Trends, Types and Applications, Forecast to... - August 4th, 2020
- COVID-19 Impacts: Global Automotive Intelligent Door System Market will Accelerate at a CAGR of almost 12% through 2020-2024|Growing Demand for... - August 4th, 2020
- Podcast: CLUECON SPECIAL FEATURE OrecX not only delivers top shelf stereo recording, but delivers a huge ecosystem of add on technology that may... - August 4th, 2020
- Singapore Launches SGGA To Create A Sustainable And Inclusive Ecosystem for Gaming and Esports. - IGN Southeast Asia - August 4th, 2020