Phishing Kits: The New Frontier For Hackers

Uploaded on 2023-04-06 in TECHNOLOGY--Resilience, TECHNOLOGY--Hackers, FREE TO VIEW

Up until now, designing and implementing a successful phishing campaign required strong technical skills to go through all the phases in the lifecycle of an attack. Phishing pages typically needed to be a perfect copy of a spoofed or targeted page and modified to surreptitiously send sensitive data collected to the phisher. 

This would ordinarily require specialist web development skills, limiting the number of people that could potentially step into the role of a phisher. Now, a new and more readily accessible form of 'off-the-shelf attack', the Phishing Kit, has been detected.

Specifically, a Phishing Kit consists of a collection of files that the hacker installs on a fake page that imitates, for example, a bank or Facebook, which already contains the code to collect credentials of users. These kits are sold to less skilled cyber criminals who then install them on the site they want to attack. This fraudulent system is dangerous, both because it allows inexperienced scammers to purchase access to complex code from a cyber criminal and because both criminal parties get access the victim's stolen data at the time of the attack.

Phishing attacks are becoming much more frequent and the availability of Phishing Kits is only likely to make things worse.

The leading Italian firm Ermes–Cybersecurity has analysed the phenomenon and discovered that, in the evolution of creating the Kits, attackers copy and paste pieces of code from other people's Kits, adapting them to their own needs.

According to Ermes, there are very few original kits, which makes it possible to identify entire clusters of related kits. 

Analysis of this threat can lead to the identification of criminals, however, the kits are not generally recognisable by users, and special tools are needed to identify the source of the code being used. To combat these threats, Ermes has built a unique and proprietary dataset containing tens of thousands of phishing kits, which are continuously augmented by downloading phishing kits left by attackers on phishing sites that have been identified.

Ermes routinely leverages this valuable resource to conduct research and map newly discovered phishing sites to a phishing kit family for the purpose of providing customers with critical insights and intelligence. Ermes is now working on a white paper dedicated to Phishing kits, which will illuminate the problem and possible solutions in detail. 

You Might Also Read:

The Dark Side Of AI:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Skills Gap Is Increasing Risk & Exposure To Attack
Law Enforcement Agencies Shut Down Genesis Market »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Veridify Security

Veridify Security

Veridify Security (formerly SecureRF), develops and licenses quantum-resistant, public-key security tools for the low-resource processors powering the Internet of Things.

Cybraics

Cybraics

Cybraics nLighten platform implements a unique and sophisticated artificial intelligence engine that rapidly learns your environment and alerts security teams to threats and vulnerabilities.

Intelligent Waves

Intelligent Waves

Intelligent Waves holds and manages contracts to provide an array of intelligence, operational, communications and IT support to the USG in austere, forward-deployed, hazardous duty environments.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

MASS

MASS

MASS provides world-class capabilities in electronic warfare operational support, cyber security, information management, support to military operations and law enforcement.

Verodin

Verodin

Verodin is a business platform that provides organizations with the evidence needed to measure, manage and improve their cybersecurity effectiveness.

Security Alliance

Security Alliance

Security Alliance provide bespoke cyber intelligence consulting and research services.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Dynatrace

Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

Celebrus

Celebrus

Celebrus Fraud Data Platform, by D4t4 Solutions, works with existing fraud structures to augment functionality and turn fraud management into true fraud prevention.

CryptoNext Security

CryptoNext Security

CryptoNext provides optimal end-to-end post-quantum cybersecurity remediation tools and solutions for IT/OT infrastructures & applications.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.

Quantum Dice

Quantum Dice

Quantum Dice is an award-winning venture-backed spinout from Oxford University’s world-renowned quantum optics laboratory.

Astra Cybertech

Astra Cybertech

At Astra Cybertech, we're more than just cybersecurity experts - we're your partners in safeguarding your digital assets.