A new attack has been
uncovered using a phishing kit that has an indestructible infrastructure due to
its residence in the cloud.
In the majority of phishing schemes, when the main server is taken down the
main collection point is also removed. With this kit, however, the data
collection space is hosted separately from the phishing websites, Imperva
discovered.
Once a server is taken
out, all hackers need to do with the cloud-based kit is to re-post the web
front end in a new location.
Imperva explained this
case is also interesting for its provenance and operation.
Created by two “master
hackers”, the phishing kit was posted on hacker forums. Those who used the kit
then became part of the master hackers’ “army”, meaning all the data they
acquired went back to the creators, who did not have to put in the hours
implementing the attack.
The masters’
underlings did not know a thing about their leaders’ activities either and,
depending on the country, the kit’s creators will not have broken the law as
they just wrote the software.
And as each of the
subsidiary hackers has their own campaign, taking down numerous domains will
not affect other schemes that report back to the master hackers.
One of the overlords
claimed their kit has been downloaded 200,000 times, Imperva said, but this
could be an exaggeration, according to the security company’s chief technology
officer Amichai Shulman.
“To some extent this is malware-as-a-service,” Shulman told IT PRO, adding
that the attack shows how hackers will abuse technologies people are widely
using - in this case the cloud.
“This is definitely
showing a shift from the normal models that we have seen so far regarding
phishing,” Shulman said.
It appears hackers are
getting creative with phishing attacks.