The Threats of Phishing-As-A-Service

Monica Morris • Oct 01, 2021

In the past, pulling off a successful phishing attack required decent technical skills and some real work. This was a barrier to entry for would-be cybercriminals.

However, with the advent of phishing-as-a-service (PhaaS), any malicious actor now has the means to execute sophisticated phishing attacks against various targets.

Despite the publicity, phishing remains a major way through which cybercriminals compromise organizations’ systems.

Phishing-as-a-service provides low-cost and easy-to-use access to phishing tools and kits.

In order to properly understand phishing-as-a-service, we’ll discuss the activities of a phishing-as-a-service provider exposed by Microsoft in a recent blog post.

The Phishing as a Service
Microsoft Office 365 security researchers came across a large-scale phishing campaign that used over 300,000 subdomains across its various attacks. The phishing-as-a-service provider behind these attacks was found to be BulletProofLink, which is believed to have been operating since 2018.

The operators behind the phishing service openly advertise on websites and social media using promotional materials. Their services let attackers outsource part or all of a phishing campaign to third parties.

BulletProofLink, also known as Anthrax, offers both a one-off service and a subscription-based model to its customers.

It also provides more than 100 phishing templates imitating brands and online services to help customers steal credentials from unsuspecting businesses.

Attackers no longer need to clone websites and emails on their own because of the proliferation of done-for-you phishing services that boast a large selection of emails and fake sign-in pages.

BulletProofLink Services
The cost of BulletProofLink’s phishing service ranges from $50 for a one-time hosting link and as much as $800 for a monthly subscription.

Researchers discovered that BulletProofLink didn’t just make money by selling kits and services. The operators also received a copy of the data their clients stole, in a process known as double extortion or double theft.

Bitcoin is used as a payment method on BulletProofLink’s website, and the operators offer customer support via Skype, ICQ, forums, and chat rooms.

Phishing Templates
Customers can purchase phishing templates from BulletProofLink that will be self-hosted and sent to a custom email target list. In this case, the client is in charge of directly collecting stolen login details.

For customers who want a more complete service, this phishing-as-a-service provider can host the malicious link and collect victims’ credentials before forwarding the logs to subscribers via ICQ or email.

BulletProofLink’s email and hosting templates are designed to evade anti-phishing security systems. The operators also host a large array of phishing kits, which makes detection more challenging because the kits cannot be identified with just one phishing signature.

Phishing Kits
Phishing kits are phishing materials and tools that are sold by cybercriminals and resellers to potential attackers. The kits contain packages that include already developed websites, documents, and email templates.

Attackers use the kit to set up their own phishing websites on purchased domains. The kits are made available as a one-time download or via a web portal provided by the PhaaS operators.

In phishing-as-a-service, attackers pay the controllers to get the necessary kit for a phishing campaign.

Service providers who offer the complete package of hosting and data collection are also popular with customers.

Anti-Security Features of BulletProofLink Services
BulletProofLink services use some interesting techniques in their phishing kits. These include:

1. Infinite subdomain abuse: This is a method by which the compromised DNS of a website is configured for wildcard subdomain creation. An attacker can then create a unique URL for each phishing email recipient while controlling only one domain. Anti-phishing software that relies on matching an exact URL or domain finds it challenging to detect this pattern of attack.

2. Zero-point font: BulletProofLink phishing email kits also use the zero-font technique to evade anti-malware scanning. In this method, random characters are inserted between words that are likely to be flagged by antivirus. These characters are set to a font size of zero, so they are invisible to readers but can throw off email scanners.
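A defender-side check for the infinite subdomain pattern, added here as an example (it is not code from the article or from Microsoft's report): instead of matching exact URLs, it groups link hosts by registered domain and flags domains that show many distinct subdomains. The function names, the threshold and the sample URLs are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def registered_domain(host):
    # Assumption: the last two labels form the registered domain. Production
    # code should consult the Public Suffix List (e.g. for "co.uk" suffixes).
    return ".".join(host.rstrip(".").split(".")[-2:])

def exact_blocklist_hits(urls, blocklist):
    """What an exact-URL matcher catches: only URLs that were already reported."""
    return [u for u in urls if u in blocklist]

def flag_subdomain_fanout(urls, min_unique=3):
    """Group hosts by registered domain; flag domains with many distinct subdomains."""
    hosts = defaultdict(set)
    for url in urls:
        host = urlsplit(url).hostname  # lower-cased by urlsplit
        if not host:
            continue
        base = registered_domain(host)
        if host != base:
            hosts[base].add(host)
    return {b: sorted(h) for b, h in hosts.items() if len(h) >= min_unique}

# Constructed sample: links extracted from inbound mail over one day.
SAMPLE_URLS = [
    "https://k3x9a.compromised-site.example/login",
    "https://p7tq2.compromised-site.example/login",
    "https://zz81m.compromised-site.example/login",
    "https://b0c4e.compromised-site.example/login",
    "https://www.vendor.example/docs",
    "https://mail.vendor.example/inbox",
]
# Constructed blocklist holding the single URL reported so far.
BLOCKLIST = {"https://k3x9a.compromised-site.example/login"}

if __name__ == "__main__":
    print(exact_blocklist_hits(SAMPLE_URLS, BLOCKLIST))  # one of four lure URLs
    print(flag_subdomain_fanout(SAMPLE_URLS))            # the whole cluster
```

The threshold needs tuning per environment, since legitimate SaaS platforms also hand out per-tenant subdomains.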
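For the zero-point font technique, the following added example (not from the article or from any kit) shows why a scanner should match keywords against the text a reader actually sees: it strips content styled with a zero font size before matching and counts the hidden runs as a signal. The class and function names, the keyword list and the sample HTML are constructed for illustration, and only inline `style` attributes are handled.

```python
import re
from html.parser import HTMLParser

# Matches font-size:0, 0px, 0pt, 0.0em ... but not 0.9em.
ZERO_FONT = re.compile(r"font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
VOID = {"br", "img", "hr", "meta", "input", "link", "wbr"}  # tags with no end tag

class TextSplitter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []    # one bool per open element: inside zero-size text?
        self.all_text = [] # what a naive tag-stripping scanner sees
        self.visible = []  # what the reader sees
        self.hidden_runs = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack and self.stack[-1])
        self.stack.append(inherited or bool(ZERO_FONT.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.all_text.append(data)
        if self.stack and self.stack[-1]:
            self.hidden_runs += 1
        else:
            self.visible.append(data)

def analyze(html_body, keywords):
    p = TextSplitter()
    p.feed(html_body)
    p.close()
    norm = lambda parts: " ".join("".join(parts).split()).lower()
    naive, visible = norm(p.all_text), norm(p.visible)
    return {"hidden_runs": p.hidden_runs,
            "naive_hits": [k for k in keywords if k in naive],
            "visible_hits": [k for k in keywords if k in visible]}

# Constructed sample body and keyword list.
SAMPLE_HTML = ('<p>Your <span style="font-size:0px">zq81</span>password '
               '<span style="font-size: 0">mmx</span>expires today. '
               '<b style="font-size:0.9em">Sign in</b> to keep access.</p>')
KEYWORDS = ["password expires", "sign in"]

if __name__ == "__main__":
    print(analyze(SAMPLE_HTML, KEYWORDS))
```

A non-zero `hidden_runs` count is itself worth scoring, since legitimate mail rarely hides text fragments inside sentences.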

Protecting Your Organization from Phishing as a Service
• Set up anti-phishing policies for your organization and enforce them
• Install anti-phishing solutions to block malicious email
• Configure the highest security settings for your email provider
• Enable link scanning tools such as SafeLinks to scan for malicious emails
• Train employees to spot and report phishing emails

Phishing attacks will continue to increase as they become easier to deploy thanks to phishing-as-a-service providers. Maintaining a secure working environment is challenging because of the evolving threat landscape. SDTEK can help your business deploy strong security solutions to protect it against phishing. Get in touch today to discuss your options.
