23 September 21, 16:43
Quote:Microsoft uncovered a large-scale, well-organization and sophisticated phishing-as-a-service (PhaaS) operation. The turnkey platform allows users to customize campaigns and develop their own phishing ploys so they can then use the PhaaS platform to help with phishing kits, email templates and hosting services needed to launch attacks.
Microsoft researchers discovered the operation, marketed by criminals as BulletProofLink, when they found a high volume of newly created and unique subdomains—more than 300,000 in a single run, according to a post published by the Microsoft 365 Defender Threat Intelligence Team. “This investigation led us down a rabbit hole as we unearthed one of the operations that enabled the campaign,” researchers wrote.
With more than 100 available phishing templates that mimic known brands and services—including Microsoft itself–the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today, they said.
Phishing is a common way for cybercriminals to dupe people through socially-engineered emails into giving up their credentials to online accounts that can store sensitive data. Phishers use these emails—which sometimes fool people by impersonating a trusted company, application or institution–to direct people to specially crafted phishing sites so they can enter credentials, thinking they are doing so for a legitimate reason.
Phishing is often a gateway drug into other criminal activity; phishers sell credentials obtained through campaigns on the dark web, and they can be used by ransomware gangs as an entry point into networks to deliver ransomware attacks, among other nefarious activity.
Read more: Large-Scale Phishing-as-a-Service Operation Exposed | Threatpost