Consumers beware. Group-IB, a global threat hunting and adversary-centric cyberintelligence company, has found that it is increasingly easy for cybercriminals to obtain user data stolen through phishing, or fake websites which look like genuine ones requesting consumer data.
 |
| Source: Group-IB. Types of brands most frequently targeted in phishing kits. |
Legitimate services such as Google Forms and Telegram bots are helping help cybercriminals keep data safe and enable them to start using the information immediately. Ready-to-go platforms that automate phishing are distributed under the cybercrime-as-a-service model, which allows more groups to conduct attacks, and widen the scope of cybercriminal activity, Group-IB said.
According to Group-IB, phishing kits give cybercriminals who do not have strong coding skills a way to effortlessly build infrastructure for large-scale phishing campaigns and quickly resume an operation if it’s blocked.
Group-IB’s Computer Emergency Response Team (CERT-GIB) analysed the tools used to create phishing web pages (phishing kits) and discovered that in the past year, they were most often used to generate web pages mimicking online services (online tools to view documents, online shopping, streaming services, etc.), email clients, and — traditionally — financial organisations. Last year, Group-IB identified phishing kits targeting over 260 unique brands.
In 2020, as in the previous year, the main target for cybercriminals were online services (30.7%). By stealing user account credentials, hackers gain access to the data of linked bank cards. Email services became less appealing last year, with the share of phishing kits targeting them dropping to 22.8%.
Financial institutions turned out to be the third favourite among scammers, with their share totalling above 20%. In 2020, the brands most often exploited in phishing kits were Microsoft, PayPal, Google, and Yahoo.
The analysts further found that phishing kits can do more than generating fake web pages to steal user data. Some upload malicious files to the victim's device. Sellers of phishing kits can deceive their buyers. Apart from selling the malicious tool they created, they may also direct stolen user data to themselves.
“Phishing kits have changed the rules of the game in this segment of the fight against cybercrime. In the past, cybercriminals stopped their campaigns after the fraudulent resources had been blocked and quickly switched to other brands. Today, they automate their attacks and instantly replace the blocked phishing websites with new web pages,” commented CERT-GIB Deputy Head Yaroslav Kargalev.
“In turn, automating such attacks leads to the spread of more complex social engineering used in large-scale attacks rather than separate incidents, as used to be the case. This keeps one of the oldest cybercriminal professions afloat.”
