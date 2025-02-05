Phishing-as-a-Service kits see a surge as threat actors target weaknesses

No Comments

A new report from LevelBlue reveals an increase in the use of Phishing-as-a-Service (PhaaS) kits, with business email compromise (BEC) remaining the most common form of
attack.

Because PhaaS kits are increasingly accessible, it's easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the LevelBlue Threat Trends Report, there's a new PhaaS, known as RaccoonO365, on the block too. This kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.

BECs make up more than 70 percent of the total incidents investigated by LevelBlue during the report period, which indicates their popularity as a favored angle of attack for threat actors. These attacks target the end user, often attempting to gain further information or access from the victims.

The report reviews 12 hands-on-keyboard attacks that were investigated by the LevelBlue Incident Response team, 10 of which involved known ransomware threat actor groups, such as Black Basta. It also shares that five malware families, Cobalt Strike, Dark Comet, SocGholish, GootLoader, and Lumma Stealer, accounted for more than 60 percent of the total malware attacks observed across the LevelBlue customer base.

"Businesses continue to use outdated security protocols and tools; neglect simple, preventive measures, such as enforcing MFA or regularly patching software; and find themselves victims of human error, especially in the form of phishing and social engineering," says Ken Ng, lead cybersecurity specialist at LevelBlue MDR Threat Hunting. "The findings within our report will arm security practitioners to become more proactive in defending businesses of all sizes against today's most prevalent threats."

You can get the full report along with tips on keeping systems secure from attack on the LevelBlue site.

Image credit: Josepalbert13/Dreamstime.com

No Comments
Got News? Contact Us

Recent Headlines

Phishing-as-a-Service kits see a surge as threat actors target weaknesses

Data breaches in UK legal sector up over a third

PNY launches PRO Elite V3, Elite-X Fit, and Elite USB-C flash drives

MIXX Revival 55 record player blends retro design with modern Bluetooth

Operational tech devices exposed to known vulnerabilities

AR OS 2 is everything we want Windows 12 to be -- and more

Over 60 percent of enterprise cybersecurity incidents relate to known risks

Most Commented Stories

New year, new Microsoft OS -- the stunning Windows 25 is everything Windows 12 should be

46 Comments

Optimum 10 Pro is an upgraded version of Windows 10 with next-level performance, privacy and control

29 Comments

Like magic! Transform Windows 11 into the Microsoft OS you've always wanted in just a couple of mouse clicks

20 Comments

Say goodbye to Windows 11 and switch to MX Linux 23.5 for a faster PC

14 Comments

Transform Windows 10 or 11 into Windows 7 in just five clicks

14 Comments

Microsoft says 2025 is the year to ditch Windows 10 and embrace Windows 11

10 Comments

Sticking with Windows 10? No more Microsoft 365 for you!

8 Comments

The European Commission wants Elon Musk to reveal the secrets of the X recommendation algorithm (don’t we all?)

7 Comments

© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.