Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How do attackers build and use phishing kits?

With attackers looking to maximize their ROI, they are employing what is called a phishing kit to run scam campaigns. In this Ask the Expert, learn how such kits are built.

One way that phishing attacks have become more efficient is attackers are using phishing kits to automate their...

attack game, according to Steve Manzuik, director of security research at Duo Security Inc. Attackers are also sharing their tools, techniques and even intelligence about potential targets, Manzuik said during the recent Cloud Security eSummit.

In this Ask the Expert, Manzuik details how attackers build phishing kits and how deploying such kits increases the efficiency of phishing attacks.

How do attackers build and use phishing kits?

Steve Manzuik: The first step [when building a phishing kit] is they are going to clone a legitimate website. If you are going to get users to try and log in to a popular email provider because you know they have an account there, you would clone that popular email provider's website.

Then the attacker goes ahead and makes some modification to the parts of the website that asks the user to log in and they instead point that to other scripts that are part of the kit designed to steal credentials. Now, in most cases at this step, the victim will just think that they mistyped their password and they will go ahead and continue to enter it. That's what the attacker wants, in this case.

Once the attacker has modified that log-in page to point it to the credential-stealing script, they then take all the modified files, all of their script -- typically, a lot of PHPs -- and bundle all of that up into a zip file and that gets uploaded to the hacked website. From there, all of the phishing emails with links, or attachments, or whatever the actual tactics, are in here and then sent out pointing to the new, spoofed website.

This has really gotten to the point where the only work the attacker has to do is to pick the target, type in the URL, push the button on the tool and let it go ahead and perform all of these steps for them.

The fact that it is automated definitely helps attackers improve the quality of their attack and it increases the overall efficiency. Because these phishing kits are modular in nature, there is a lot of code reused across them and tacit sharing. For example, if attackers want to add … encryption capabilities to their phishing kit, there are modules that they can buy, borrow or steal from other attackers that would just simply fit into their kit.

This was last published in April 2018

Dig Deeper on Cybersecurity strategy

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What tactics can organizations employ to avoid falling victim to a phishing kit?
Cancel

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close