Tycoon phishing kit uses sneaky new techniques to hide malicious links
Phishing emails often feature malicious links (URLs) that lead victims to fake websites
where they are infected with harmful software or tricked into giving away personal
information.
There’s a constant battle between security tools getting better at identifying bad links and attackers trying to hide them more effectively. Barracuda has uncovered some of the latest approaches its researchers are seeing in attacks involving the advanced phishing-as-a-service (PhaaS) kit, Tycoon.
Phishing-as-a-Service kits see a surge as threat actors target weaknesses
A new report from LevelBlue reveals an increase in the use of Phishing-as-a-Service (PhaaS) kits, with business email compromise (BEC) remaining the most common form of
attack.
Because PhaaS kits are increasingly accessible, it's easier for threat actors to carry out advanced phishing attacks with minimal technical knowledge. According to the LevelBlue Threat Trends Report, there's a new PhaaS, known as RaccoonO365, on the block too. This kit uses methods that can intercept user credentials and multi-factor authentication (MFA) session cookies to bypass these common defensive measures.