The use of Phishing Kits as a service (Phaas) is increasing, using the violation of business email (BEC) as a more common form of attack, according to a Levelblue report.
Phishing is next to the Ransonware the greatest threat to world cybersecurity and the greatest attacks continue to use globally recognized brands (Microsoft, Apple and Google as the most impersonated companies) to deceive users and companies and steal personal, professional and financial information. The technological sector was the most affected, followed by social networks and retail trade.
Phishing as a service: a danger
The use of kits Phishing-as-a-Service allows to carry out Advanced phishing attacks with a Minimum technical knowledge. And they are increasingly powerful and accessible, which represents great danger. In addition, there is more and more offer and Levelblue has indicated novelties such as Raccoono365, a kit that uses methods that can intercept user credentials and multifactor authentication session cookies (MFA) to avoid these common defensive measures.
The Business email violation It represented 70 percent of the total incidents investigated by Levelblue during the period of the report, indicating its popularity as an angle of attack preferred by the actors of threats. These attacks are aimed at the end user, often trying to obtain more information or access from victims.
The report analyzes 12 keyboard attacks that were investigated by the Levelblue incident response team, 10 of which involved known groups of ransomware threat actors, as Black Enough. Five malware families, Cobalt Strike, Dark Comet, Socgholish, Gootloader and Lumma Stealer, represented more than 60 percent of the total malware attacks observed in the company’s customer base.
The security firm alerts bad practices that in his opinion practice companies, since these “They continue to use obsolete tools and security protocols, neglect simple preventive measures such as apply.
Specialists believe that these reports must make security professionals more proactive in the defense of companies of all sizes against the most frequent threats. Phishing is one of them and is favored by kits that allows almost anyone to carry advanced attacks without technical knowledge.
If you are interested, you can get the full report next to tips to keep the safe systems on the Levelblue website.
