Friday, March 29, 2024

Hackers Launching large-Scale phishing-as-a-service Operation with 300,000 newly created Phishing Domains – Microsoft

Large-scale well-organized phishing as a service (PhaaS) operation is uncovered recently by Microsoft. This platform helps users to customize campaigns and develop their own phishing ploys.

The PhaaS platform can be used for phishing kits, email templates, and hosting services. The operation was marketed by the threat actors as Bulletprooflink when they found a high volume of a unique sub-domain.

Full-Scale Phishing Facilitator

Bulletprooflink provides a starting point for people to get into phishing campaigns without any significant resources. Multiple sites are maintained under aliases and the group is assumed to be active since 2018.

Here are the things offered by the ground as their serves:-

  • Instructional videos
  • Advertisements
  • Promotional materials

While the security researchers have asserted that it is known to hawk their wares on plenty of underground forums.

Moreover, this massive malicious campaign is notable because in this campaign the operators have used more than a high volume of newly created and unique subdomains in a single run and the count of new domains ranges more than 300,000.

Phishing kits and phishing-as-a-service (PhaaS)

Phishing kits generally refer to kits that are sold on a one-time sale basis from phishing kit sellers are resellers. This also includes different files that come with ready-to-use email phishing templates designed to evade detection.

Phishing-as-a-service is a software model which needs threat actors to pay an operator to develop complete Phishing campaigns. Bulletprooflink is an example of a phishing-as-a-service operation.

Double theft used to boost profits

Buletprooflink operation is spotted while investigating phishing attacks, and it is the driving force that has eventually targeted many corporate organizations.

The threat actors who are behind the Bulletprooflink provide cybercriminals with several services. It ranges from selling phish kits and email templates to providing posting automated services under single payment on a monthly subscription.

Break down of BulletProofLink services

According to the group’s about us web page the operator maintains multiple sites under their aliases, Bulletprooflink, anthrax which also includes Youtube with instructional advertisements and promotional materials.

As per the ICQ chat logs posted by the operator customer refer to the group as the aliases interchanging. All these details are rugged upon by the templates, services provided by Bulletprooflink operators.

Here are the things offered in BulletProofLink services:-

  • BulletProofLink registration and sign-in pages
  • Credential phishing templates
  • Customer hosting and support

How does Microsoft Defender for Office 365 guard against PhaaS-driven phishing attacks?

Protection against particular attacks is allowed through investigation, while the specific email campaigns help to detect similar attacks that used the same methods such as infinite subdomain abuse, brand impersonation, etc.

We are able to scale and expand the coverage of these protections to multiple campaigns by studying phishing as a service operation. Microsoft defender for office 365 can help in taking full advantage of the tools that are available and strengthen defenses against the threat of Phishing.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles