New Insight into Cybercrime: Phishing-as-a-Service Platform
A new report shows that anyone interested in beginning a phishing campaign must pass through an open registration process on ‘Caffeine’. The Caffeine platform has an intuitive interface that it provides to users at a relatively low cost. It can also steal session cookies, which allows the attacker to access accounts without the need for MFA (multi factor authentication) tokens.
2024-01-19
'%3e%3cpath%20d='M25.1219%206.1263C25.1397%206.38418%2025.1397%206.64212%2025.1397%206.9C25.1397%2014.7658%2019.3656%2023.8289%208.81221%2023.8289C5.56092%2023.8289%202.54063%2022.8526%200%2021.1579C0.461947%2021.2132%200.906066%2021.2316%201.38579%2021.2316C4.06849%2021.2316%206.53808%2020.2921%208.51017%2018.6895C5.98732%2018.6342%203.87309%2016.9211%203.14465%2014.5632C3.50001%2014.6184%203.85532%2014.6552%204.22845%2014.6552C4.74367%2014.6552%205.25893%2014.5815%205.7386%2014.4526C3.10916%2013.9%201.13701%2011.5053%201.13701%208.61315V8.53949C1.90095%208.9816%202.78935%209.25791%203.73091%209.29471C2.18521%208.22627%201.17256%206.40261%201.17256%204.33943C1.17256%203.23419%201.45677%202.22103%201.95427%201.33681C4.77916%204.94734%209.02539%207.30519%2013.7868%207.56313C13.698%207.12102%2013.6446%206.66054%2013.6446%206.20001C13.6446%202.92102%2016.203%200.25%2019.3832%200.25C21.0355%200.25%2022.5279%200.968419%2023.5761%202.12895C24.8731%201.87106%2026.1167%201.37367%2027.2183%200.692109C26.7918%202.07372%2025.8858%203.23425%2024.6954%203.97104C25.8503%203.84215%2026.9696%203.5105%2028%203.05002C27.2184%204.22892%2026.2412%205.27888%2025.1219%206.1263Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24586'%3e%3crect%20width='28'%20height='25.0526'%20fill='%230671C0'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
With the launch of the PaaS platform under the name ‘Caffeine,’ threat actors now have a chance to launch sophisticated phishing attacks quickly. A new report shows that anyone interested in beginning a phishing campaign must pass through an open registration process on this platform.
When investigating the phishing activity, Managed Defense analysts discovered that the Caffeine platform has an intuitive interface that it provides to users at a relatively low cost. To design and automate the main components of its phishing campaigns, Caffeine has provided a variety of tools and functions to its criminal clients. Self-service techniques to manage transitional redirect pages, customized phishing kits, a final stage webpage for seducing victims, campaign email activity tracking, and robust URL generation for hosted malware payloads are some of the features provided by the platform.
Another team of researchers at Resecurity recently discovered a similar platform named EvilProxy. Unlike Caffeine, EvilProxy is provided on the dark web. The latter targets accounts on different platforms, including Facebook, Dropbox, Google, Instagram, Yahoo, Twitter, GoDaddy, Apple, Microsoft, Yandex, and GitHub. It can also steal session cookies, which allows the attacker to access accounts without the need to key in a password, username, or other MFA (multi factor authentication) tokens.
Why You Should Care
The progress in automated detection and inspection methods using email security platforms have significantly evolved phishing tactics. The attacks orchestrated through platforms such as EvilProxy and Caffeine are pretty lethal as they apply Reverse Proxy and Cookie Injection approaches to bypass 2FA authentication. According to recent discoveries, the platforms allow attackers to proxify the victim’s session.
The reverse concept used in this context has been considered to be simple. The bad actors’ work is to lead their victims to a phishing page and apply the reverse proxy to obtain all the victim’s legitimate content expected by the user, including the login pages. The software is so good that it can sniff the user’s traffic when passing through the proxy. Through the process, the attackers harvest cookies for the valid session, thus successfully bypassing the need for authenticating with passwords, usernames, or 2FA tokens.
As cybercriminals continue to enhance their offerings, phishing attacks will become more challenging to spot and combat. Moreover, their frequency will rise, eventually becoming a greater liability to companies. With the new campaigns through such platforms, response plans and employee awareness will no longer be preventative, implying that they will necessitate more robust cybersecurity.
Ways to Combat PaaS
Although the future of Phishing as a Service is worrying, experts contend that it is not yet bleak for companies. Perspectives and focus on Cybersecurity need to shift away from perceiving phishing as highly complicated than an email that looks odd.
Researchers recommend three key strategies companies should adopt to combat PaaS effectively. The first move is to start with the source by taking actions such as frequently updating the cyber defense technologies, which help filter many phishing methods. The second move is to educate the workers on what to watch out for and the appropriate response. The last step is to put in place a standard response plan for the company, as opposed to an individualized approach.
Use our simulated phishing tests for defence against social engineering attacks. Although a lot of businesses today utilize technology to protect themselves from cyber risks, user training has been a key defence against phishing scams. Leading practices like the Keepnet Phishing Simulator and cyber security awareness training enable your workforce to be ready for social engineering assaults. The Keepnet Phishing Simulator will test your users in various departments, and they will encounter these threats before they are truly targeted. Additionally, they will receive the most recent and interesting training materials to help them recognize cyberattacks like data or identity theft.
SHARE ON