Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation
#1
https://thehackernews.com/2021/09/micros...shing.html

September 22, 2021 Ravie Lakshmanan

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal effort.

"With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today," Microsoft 365 Defender Threat Intelligence Team said in a Tuesday report.

"BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads, and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators."

The tech giant said it uncovered the operation during its investigation of a credential phishing campaign that used the BulletProofLink phishing kit on either attacker-controlled sites or sites provided by BulletProofLink as part of their service. The existence of the operation was first made public by OSINT Fans in October 2020.

Phishing-as-a-service differs from traditional phishing kits. The latter are sold for a one-time payment that gives access to packaged files containing ready-to-use email phishing templates, whereas phishing-as-a-service offerings are subscription-based and follow a software-as-a-service model, while also expanding on the capabilities to include built-in site hosting, email delivery, and credential theft.

Believed to have been active since at least 2018, BulletProofLink is known to operate an online portal to advertise their toolset for as much as $800 a month and allow cybercrime gangs to register and pay for the service. Customers can also avail of a 10% discount should they opt to subscribe to their newsletter, not to mention pay anywhere between $80 and $100 for credential phishing templates that allow them to siphon login information entered by unsuspecting victims upon clicking a malicious URL in the email message.

Troublingly, the stolen credentials are not only sent to the attackers but also to the BulletProofLink operators using a technique called "double theft" in a modus operandi that mirrors the double extortion attacks employed by ransomware gangs.

"With phishing kits, it is trivial for operators to include a secondary location for credentials to be sent to and hope that the purchaser of the phish kit does not alter the code to remove it," the researchers said. "This is true for the BulletProofLink phishing kit, and in cases where the attackers using the service received credentials and logs at the end of a week instead of conducting campaigns themselves, the PhaaS operator maintained control of all credentials they resell."