Security News > 2021 > September > Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

Microsoft has opened the lid on a large-scale phishing-as-a-service operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts.

"With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today," Microsoft 365 Defender Threat Intelligence Team said in a Tuesday report.

The tech giant said it uncovered the operation during its investigation of a credential phishing campaign that used the BulletProofLink phishing kit on either on attacker-controlled sites or sites provided by BulletProofLink as part of their service.

Phishing-as-a-service differs from traditional phishing kits in that unlike the latter, which are sold as one-time payments to gain access to packaged files containing ready-to-use email phishing templates, they are subscription-based and follow a software-as-a-service model, while also expanding on the capabilities to include built-in site hosting, email delivery, and credential theft.

"With phishing kits, it is trivial for operators to include a secondary location for credentials to be sent to and hope that the purchaser of the phish kit does not alter the code to remove it," the researchers said.

"This is true for the BulletProofLink phishing kit, and in cases where the attackers using the service received credentials and logs at the end of a week instead of conducting campaigns themselves, the PhaaS operator maintained control of all credentials they resell."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/oor8QBAgjtY/microsoft-warns-of-wide-scale-phishing.html