#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

phishing-as-a-service | Breaking Cybersecurity News | The Hacker News

Category — phishing-as-a-service
How Phishing Attacks Adapt Quickly to Capitalize on Current Events

How Phishing Attacks Adapt Quickly to Capitalize on Current Events

Aug 12, 2024 AI in Cybersecurity / Fraud Prevention
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress . What's behind the surge in phishing? One popular answer is AI – particularly generative AI, which has made it trivially easier for threat actors to craft content that they can use in phishing campaigns, like malicious emails and, in more sophisticated cases, deepfake videos . In addition, AI can help write the malware that threat actors often plant on their victims' computers and servers as part of phishing campaigns. Phishing as a Service , or PhaaS, is another development sometimes cited to explain why phishing threats are at an all-time high. By allowing malicious parties to hire skilled attackers to carry out phishing campaigns for them, PhaaS makes it easy for anyone with a grudge – or a desire to exfiltrate some money from unsuspecting victims – to launch phishing attacks. Phishing has become agil
Oyster Backdoor Spreading via Trojanized Popular Software Downloads

Oyster Backdoor Spreading via Trojanized Popular Software Downloads

Jun 21, 2024 Malware / Malvertising
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious payloads that users are redirected to after searching for them on search engines like Google and Bing. The threat actors are luring unsuspecting users to fake websites purporting to contain legitimate software. But attempting to download the setup binary launches a malware infection chain instead. Specifically, the executable serves as a pathway for a backdoor called Oyster, which is capable of gathering information about the compromised host, communicating with a hard-coded command-and-control (C2) address, and supporting remote code execution. While Oyster has been observed in the past being delivered by means of a dedicated loader component known as Broomstick Loader (aka Oyster Instal
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide

Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide

Apr 18, 2024 Cybercrime / Phishing-as-a-Service
As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called  LabHost  that has been used by criminal actors to steal personal credentials from victims around the world. Described as one of the largest Phishing-as-a-Service ( PhaaS ) providers, LabHost offered phishing pages targeting banks, high-profile organizations, and other service providers located primarily in Canada, the U.S., and the U.K. As part of the operation, codenamed PhishOFF and Nebulae (referring to the Australian arm of the probe), two LabHost users from Melbourne and Adelaide were arrested on April 17, with three others arrested and charged with drug-related offenses. "Australian offenders are allegedly among 10,000 cybercriminals globally who have used the platform, known as LabHost, to trick victims into providing their personal information, such as online banking logins, credit card details and passwords, through persistent phishing attacks sent via te
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection

Darcula Phishing Network Leveraging RCS and iMessage to Evade Detection

Mar 28, 2024 Cybercrime / Email Security
A sophisticated phishing-as-a-service (PhaaS) platform called  Darcula  has set its sights on organizations in over 100 countries by leveraging a massive network of more than 20,000 counterfeit domains to help cyber criminals launch attacks at scale. "Using iMessage and RCS rather than SMS to send text messages has the side effect of bypassing SMS firewalls, which is being used to great effect to target USPS along with postal services and other established organizations in 100+ countries," Netcraft  said . Darcula has been employed in several high-profile phishing attacks over the last year, wherein the smishing messages are sent to both Android and iOS users in the U.K., in addition to those that leverage package delivery lures by impersonating legitimate services like USPS. A Chinese-language PhaaS, Darcula is  advertised on Telegram  and offers support for  about 200 templates  impersonating legitimate brands that customers can avail for a monthly fee to set up phishin
Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Jan 26, 2024 Malvertising / Phishing-as-a-service
Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura  said  in a Thursday report. "Such programs give an attacker full control of a victim's machine and the ability to drop additional malware." It's worth noting that the activity, codenamed  FakeAPP , is a continuation of a  prior attack wave  that targeted Hong Kong users searching for messaging apps like WhatsApp and Telegram on search engines in late October 2023. The latest iteration of the campaign also adds messaging app LINE to the list of messaging apps, redirecting users to bogus websites hosted on Google Docs or Google Sites. The Google infrastructure is used to embed link
How Hackers Phish for Your Users' Credentials and Sell Them

How Hackers Phish for Your Users' Credentials and Sell Them

Nov 28, 2023 Cybercrime / Breach Prevention
Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization's entire network at risk. According to the  2023 Verizon Data Breach Investigation Report , external parties were responsible for  83 percent  of breaches that occurred between November 2021 and October 2022.  Forty-nine percent  of those breaches involved stolen credentials. How are threat actors compromising credentials? Social engineering is one of the  top five cybersecurity threats  in 2023. Phishing, which accounts for %of social engineering attempts, is the go-to method for stealing credentials. It's a relatively cheap tactic that yields results. As phishing and social engineering techniques become more sophisticated and the tools become more readily available, credential theft should become a top security concern for all organizations if it already isn't one. Phishing has evolved With phishing and s
Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Major Phishing-as-a-Service Syndicate 'BulletProofLink' Dismantled by Malaysian Authorities

Nov 13, 2023 Cyber Crime / Dark Web
Malaysian law enforcement authorities have  announced  the takedown of a phishing-as-a-service (PhaaS) operation called  BulletProofLink . The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform were based out of the country. To that end, eight individuals aged between 29 and 56, including the syndicate's mastermind, have been arrested across different locations in Sabah, Selangor, Perak, and Kuala Lumpur, New Straits Times  reported . Along with the arrests, authorities confiscated servers, computers, jewelry, vehicles, and cryptocurrency wallets containing approximately $213,000. BulletProofLink , also called BulletProftLink, is known for offering ready-to-use phishing templates on a subscription basis to other actors for conducting credential harvesting campaigns. These
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives

Aug 10, 2023 Cyber Threat / Online Security
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations worldwide between March and June 2023. Nearly 39% of the hundreds of compromised users are said to be C-level executives, including CEOs (9%) and CFOs (17%). The attacks have also singled out personnel with access to financial assets or sensitive information. At least 35% of all compromised users had additional account protections enabled. The campaigns are seen as a response to the increased adoption of multi-factor authentication (MFA) in enterprises, prompting threat actors to evolve their tactics to bypass new security layers by incorporating adversary-in-the-middle ( AitM ) phishing kits to
Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests

Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests

Aug 10, 2023 Cyber Crime / Hacking
Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale, ultimately facilitating the theft of credentials and payment details from users of popular services such as Apple, PayPal, American Express, Amazon, and Cash App, among others. "Victims typically receive an email with a pdf file or link that redirects to a site requesting the victims' credit card or other personally identifiable information," Interpol  said . "This information is then stolen and used to extract money from the victims." No less than 70,000 users across 43 countries are estimated to have been compromised via services offered on 16Shop. The law enforcement operation has also led to the arrest of the site's administrator, a 21-year-old Indonesian
New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages

New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages

May 13, 2023
A new phishing-as-a-service (PhaaS or PaaS) platform named  Greatness  has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates highly convincing decoy and login pages," Cisco Talos researcher Tiago Pereira  said . "It contains features such as having the victim's email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization's real Microsoft 365 login page." Campaigns involving Greatness have mainly manufacturing, health care, and technology entities located in the U.S., the U.K., Australia, South Africa, and Canada, with a spike in activity detected in December 2022 and March 2023. Phishing kits like Greatness offer t
Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals

Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals

Oct 11, 2022
Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called  Caffeine  to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns," Mandiant  said  in a new report. Some of the core features offered by the platform comprise the ability to craft customized phishing kits, manage redirect pages, dynamically generate URLs that host the payloads, and track the success of the campaigns. The development comes a little over a month after Resecurity took the wraps off another PhaaS service dubbed  EvilProxy  that's offered for sale on dark web criminal forums. But unlike EvilProxy, whose operators are known to vet prospective customers before activating the subscriptions, Caffeine is notable for running an o
Two New Platforms Found Offering Cybercrime-as-a-Service to 'Wannabe Hackers'

Two New Platforms Found Offering Cybercrime-as-a-Service to 'Wannabe Hackers'

Jul 15, 2017
Cybercrime has continued to evolve and today exists in a highly organised form. Cybercrime has increasingly been commercialised, and itself become big business by renting out an expanded range of hacking tools and technologies, from exploit kits to ransomware, to help anyone build threats and launch attacks. In past few years, we have witnessed the increase in the popularity of malware-as-a-service (MaaS), which is today a prosperous business on the underground black market that offers an array of services, including ransomware-as-a-service , DDoS-as-a-service , phishing-as-a-service, and much more. Two such services have recently been spotted by two separate group of researchers, which we have detailed in this article. Ovidiy Stealer — $7 Password-Stealing Malware For Everyone A new credential stealing malware that targets primarily web browsers is being marketed at Russian-speaking web forums for as cheap as $7, allowing anyone with even little technical knowledge to h
Expert Insights / Articles Videos
Cybersecurity Resources