Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan
Credits: MSN News
Phishing is already the easiest way for hackers to steal data and it’s getting even easier thanks to the rise of organised criminal groups on the dark web offering phishing-as-a-service schemes to budding cybercriminals and ever-lowering the cost of entry.
According to cybersecurity researchers, this approach to phishing is about a quarter of the cost and twice as profitable as traditional unmanaged – and labour intensive – phishing campaigns and follows in the footsteps of other cybercrime-as-a-service campaigns.
The ‘Phishing made easy’ report from Imperva’s Hacker Intelligence Initiative details how a Phishing-as-a-Service (PhaaS) store on the Russian black market offers a “complete solution for the beginner scammer” including databases of emails, templates of phishing scams and a backend database to store stolen credentials.
While using the PhaaS operation, the user is able to use their account homepage to choose from a variety of potential scam pages – including social media, banking, retail, telecom, utility, gaming and dating – which, once chosen, will generate a link to be sent to victims. Any credentials stolen will be stored on the user’s personal dashboard.
Some types of phishing scams are limited to those who have purchased VIP account subscriptions, although at a maximum cost of just 270 rubles a month ($4.23) the scammer would be able to make back the cost in no time by stealing and selling profiles.
Indeed, that very much seems to be the case, with cybersecurity researchers investigating the PhaaS operation discovering that its 67,000 users have made off with data from over 750,000 accounts, with an average of around 65,000 stolen per month – or 1,700 per day.
The operation also tailors its criminal services to those who wish to target users in a certain location or of a certain service, allowing wannabe hackers to purchase Simple Mail Transfer Protocol (SMTP) infrastructure to reach 100,000s of potential victims.
An SMTP server is sold online for between $1.25 and $3, while a list of 100,000 emails would cost between $2 and $50, depending on the country of the target emails and their “freshness” – the length of time since they were stolen. While this costs users more, it provides them with a potentially more lucrative outcome – both in terms of the data available to steal, and the price they can sell it on for.
For example, users are able to buy government email lists, which could potentially be used to conduct cyber espionage.
Based on the costs studied for a campaign using phishing pages, a spam server, an email list of 100,000 email addresses and access to compromised servers, researchers say a scam of this kind can be carried out for as little as $27 – a quarter of the cost it would take to carry out a standard phishing campaign – opening it up to almost anyone who wants to try it out.
“The combination of PhaaS and compromised web servers has significantly lowered the monetary, technological and time investment needed to conduct a successful phishing campaign,” said Amichai Shulman, co-founder and CTO of Imperva.
Using reverse engineering and investigation, researchers claim to have linked this particular phishing-as-a-service scheme to an Indonesian hacking group which has previously carried out hacking campaigns involving Outlook Web Applications, Wells Fargo’s Online Banking and an Adobe PDF campaign.