Phishing-As-A-Service

'Robin Banks', a notorious phishing-as-a-service (PhaaS) platform, has relocated its infrastructure to a Russian service platform known to be used by cyber criminals and is offering a number of innovative new features to its criminal customers.

The relocation comes after the cloud infrastructure provider Cloudflare disconnected Robin Banks from its services. The disconnection caused a prolonged outage to operations, according to a report from cyber security company IronNet.

Robin Banks was first reported in July 2022, when it was revealed that the platform offers ready-made phishing kits to criminal actors, making it possible to steal the financial information of customers of popular banks and other online services.

It was also found to prompt users to enter Google and Microsoft credentials on rogue landing pages, suggesting an attempt on the part of the malware authors to monetise initial access to corporate networks for post-exploitation activities such as espionage and ransomware.

Cloudflare's decision to blocklist Robin Banks' infrastructure in the wake of public disclosure has prompted the platform to move its frontend and backend to DDoS-Guard. "This hosting provider is also notorious in not complying with takedown requests, thus making it more appealing in the eyes of threat actors," said the IronNet researchers.

One of the features introduced is a cookie-stealing functionality, achieved by reusing code from an open-source adversary-in-the-middle attack framework that is employed to steal credentials and session cookies from Google, Yahoo, and Microsoft Outlook, even on accounts that have multi-factor authentication enabled.

  • Robin Banks is also said to have incorporated a new security measure that requires its customers to turn on two-factor authentication (2FA) to view the stolen information via the service or, alternatively, to receive the data through a Telegram bot.
  • Another notable feature is its use of an ad fraud detection service to redirect targets of phishing campaigns to rogue websites, while leading scanners and unwanted traffic to benign websites so that the campaigns slip under the radar.

Despite using an open-source tool that other cyber criminals could use themselves, Robin Banks charges customers a premium of $1500 a month on top of the regular $200 monthly fee for use of the cookie-stealing feature.
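Because a replayed session cookie already carries the victim's completed MFA, detection has to look at how the session is used after sign-in. The following added example (not from the article or the IronNet report) flags sessions whose cookie appears on a different IP address and user agent than the one that signed in; the log field names and sample records are constructed assumptions.

```python
from datetime import datetime

# Constructed sample records, not taken from the report. Field names are
# assumptions; map them to your identity provider's sign-in and session logs.
EVENTS = [
    {"ts": "2022-11-07T09:00:05", "user": "alice", "session": "s-1001",
     "ip": "198.51.100.10", "ua": "Chrome/107 Windows", "auth": True},
    {"ts": "2022-11-07T09:05:40", "user": "alice", "session": "s-1001",
     "ip": "198.51.100.10", "ua": "Chrome/107 Windows", "auth": False},
    {"ts": "2022-11-07T10:00:00", "user": "bob", "session": "s-2002",
     "ip": "203.0.113.77", "ua": "Chrome/107 Windows", "auth": True},
    {"ts": "2022-11-07T10:02:30", "user": "bob", "session": "s-2002",
     "ip": "192.0.2.44", "ua": "Firefox/106 Linux", "auth": False},
    {"ts": "2022-11-07T11:00:00", "user": "carol", "session": "s-3003",
     "ip": "198.51.100.20", "ua": "Safari/16 macOS", "auth": False},
]


def find_suspect_sessions(events):
    """Return (session, user, reason) for sessions whose cookie shows up on a
    client other than the one that completed the MFA sign-in."""
    origin = {}     # session id -> (ip, ua) seen at the authenticated sign-in
    flagged = {}    # session id -> alert tuple; one alert per session
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        sid, client = e["session"], (e["ip"], e["ua"])
        if e["auth"]:
            origin.setdefault(sid, client)   # first sign-in defines the origin
        elif sid not in origin:
            # Session in use with no sign-in on record: a log gap or a cookie
            # minted elsewhere. Report separately so it can be triaged.
            flagged.setdefault(sid, (sid, e["user"], "no-auth-event"))
        elif client != origin[sid]:
            flagged.setdefault(sid, (sid, e["user"], "client-changed"))
    return list(flagged.values())


if __name__ == "__main__":
    for alert in find_suspect_sessions(EVENTS):
        print(alert)
```

An IP or user-agent change also occurs on legitimate network switches, so a hit is a triage signal to weigh with other context.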

While there are numerous cyber criminals with the skills to develop their own proprietary hacking tools and malware, in addition to maintaining the infrastructure necessary to conduct cyber attacks, the widespread availability of open-source hacking tools is having a commoditising effect, enabling less skilled cyber criminals to go phishing.

Sources: Heimdal, IronNet, CyberNews, HotHardware, The Hacker News, BleepingComputer, IT Security News, Security Affairs, Phishing Tackle
