Phishers Piggyback on Phishing Kits to Expand Their Activities
Over the past few years, phishing attacks have spiked dramatically. These attacks provide a wealth of opportunities for bad actors. While phishing is nothing new, the volume and sophistication of attacks have grown in recent years. The spike is mostly credited to phishing kits, which simplify the process of launching phishing scams.
A new phishing kit in sight
- RiskIQ tracked down a new phishing kit, dubbed LogoKit, in the wild.
- Researchers discovered that the crooks had used LogoKit on more than 300 domains over a week and more than 700 sites in the past month.
- The pages mimicked with the toolkit included login pages for SharePoint, Adobe Document Cloud, OneDrive, Office 365, and several cryptocurrency exchanges.
What does this indicate?
Researchers indicate that, because the kit is so simple, attackers can easily compromise more sites and embed their scripts or host their own infrastructure.
The bigger picture
- Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of high-level executives.
- A phishing kit dubbed Office365 V4 was uncovered in connection with 70 email addresses, 40 of which belonged to CEOs, directors, owners, and founders, along with other employees.
- Based on the data distribution, CEOs in the U.S. were likely the main targets of the threat actors that used the phishing kit.
- Besides high-level executives, financial firms are also at risk of being targeted by phishing kits.
- In one recent incident, a phishing kit that includes QR code capabilities was used against Brazilian Central Bank users to steal their credentials.
The development and distribution of phishing kits are often run like legitimate software businesses. These kits effectively lower the barrier for cybercriminals to conduct sophisticated phishing campaigns. The ease of use, affordability, and profitability of phishing mean that this attack vector will likely be around for years to come.