PiChris - Fotolia
How do attackers build and use phishing kits?
With attackers looking to maximize their ROI, they are employing what is called a phishing kit to run scam campaigns. In this Ask the Expert, learn how such kits are built.
One way that phishing attacks have become more efficient is attackers are using phishing kits to automate their attack game, according to Steve Manzuik, director of security research at Duo Security Inc. Attackers are also sharing their tools, techniques and even intelligence about potential targets, Manzuik said during the recent Cloud Security eSummit.
In this Ask the Expert, Manzuik details how attackers build phishing kits and how deploying such kits increases the efficiency of phishing attacks.
How do attackers build and use phishing kits?
Steve Manzuik: The first step [when building a phishing kit] is they are going to clone a legitimate website. If you are going to get users to try and log in to a popular email provider because you know they have an account there, you would clone that popular email provider's website.
Then the attacker goes ahead and makes some modification to the parts of the website that asks the user to log in and they instead point that to other scripts that are part of the kit designed to steal credentials. Now, in most cases at this step, the victim will just think that they mistyped their password and they will go ahead and continue to enter it. That's what the attacker wants, in this case.
Once the attacker has modified that log-in page to point it to the credential-stealing script, they then take all the modified files, all of their script -- typically, a lot of PHPs -- and bundle all of that up into a zip file and that gets uploaded to the hacked website. From there, all of the phishing emails with links, or attachments, or whatever the actual tactics, are in here and then sent out pointing to the new, spoofed website.
This has really gotten to the point where the only work the attacker has to do is to pick the target, type in the URL, push the button on the tool and let it go ahead and perform all of these steps for them.
The fact that it is automated definitely helps attackers improve the quality of their attack and it increases the overall efficiency. Because these phishing kits are modular in nature, there is a lot of code reused across them and tacit sharing. For example, if attackers want to add … encryption capabilities to their phishing kit, there are modules that they can buy, borrow or steal from other attackers that would just simply fit into their kit.
