Phishing attacks have been a cybersecurity issue for quite some time now. They range from generic attacks to targeted campaigns. Lately, there has been a rise in phishing attacks and cybercriminals are evolving their phishing kits to evade detection.
Diving into details
Off-the-shelves, modern phishing kits are being sold on underground forums that contain several, sophisticated detection avoidance and traffic filtering processes to not be marked as threats. Fake websites impersonating renowned brands are created using phishing kits featuring realistic login pages, brand logos, and in special cases, dynamic web pages.
Detection evasion
Phishing kits contain visitor filtering settings to stop analysis software, guests, and bots from entering non-target areas. Some obfuscation techniques have been described below.
- Caesar cipher - involves replacing characters in a way to jumble up content. Once the page loads, correct characters are displayed.
- Page source encoding - base64 or AES encoding on the text.
- Invisible HTML tags - adding invisible junk HTML tags that serve as harmless noise hiding the malicious code.
- String slicing - cutting strings into groups of characters and referring to them by a number in the code table.
- Randomized HTML attributes - adding huge numbers of randomized tag attribute values.
Some stats your way
- In 2021, Kaspersky identified 469 unique phishing kits and blocked 1.2 million phishing websites.
- In October 2021, the number of individual domains where content unboxed from phishing kits amounted to more than 25,000.
The bottom line
The number of advanced phishing kits employing anti-detection, geoblocking, and anti-bot features is steadily increasing. Hence, organizations are recommended to implement account takeover protection measures and monitor email inboxes for suspicious activities.
Publisher
/https://cyware-ent.s3.amazonaws.com/image_bank/iStock_85597089_MEDIUM.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/37ce_shutterstock_639700315.jpg)
