Phishing-as-a-Service kits see a surge as threat actors target weaknesses
A new report from LevelBlue reveals an increase in the use of Phishing-as-a-Service (PhaaS) kits, with business email compromise (BEC) remaining the most common form of attack.
Because PhaaS kits are increasingly accessible, threat actors can carry out advanced phishing attacks with minimal technical knowledge. The LevelBlue Threat Trends Report also highlights a new PhaaS kit, known as RaccoonO365. This kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.
BECs make up more than 70 percent of the total incidents investigated by LevelBlue during the report period, which indicates that they are a favored angle of attack for threat actors. These attacks target the end user, often attempting to gain further information or access from the victims.
The report reviews 12 hands-on-keyboard attacks that were investigated by the LevelBlue Incident Response team, 10 of which involved known ransomware threat actor groups, such as Black Basta. It also shares that five malware families, Cobalt Strike, Dark Comet, SocGholish, GootLoader, and Lumma Stealer, accounted for more than 60 percent of the total malware attacks observed across the LevelBlue customer base.
"Businesses continue to use outdated security protocols and tools; neglect simple, preventive measures, such as enforcing MFA or regularly patching software; and find themselves victims of human error, especially in the form of phishing and social engineering," says Ken Ng, lead cybersecurity specialist at LevelBlue MDR Threat Hunting. "The findings within our report will arm security practitioners to become more proactive in defending businesses of all sizes against today's most prevalent threats."
You can get the full report along with tips on keeping systems secure from attack on the LevelBlue site.