Imperva discovers phishing kit hosted in the cloud

By on

Phishing tactic uses proxy hackers to harvest hundreds of thousands of credentials.

Imperva has discovered a phishing kit that is hosted separately from the phishing websites.

Imperva said that, unlike previously available phishing kits, this new approach lives in the cloud, relies on hackers exploiting other hackers, and never goes away. The company's director of security strategy Rob Rachwald, explained that in traditional schemes when you take down a server, you take down not only the web page, but the back-end data collection capability comes offline.

“In this cloud version, data collection is hosted separately from the phishing web sites which means hackers only need to repost the web front-end in a new location to be back in business.
Also, and perhaps what's more interesting, this attack highlights that there's no honour among thieves. Two master hackers wrote and then posted a phishing kit into hacker forums,” he said.

“The irony is that anyone using this kit becomes an unknowing member of the master hacker's army. When hackers use this kit and deploy a successful phishing campaign, all the stolen credentials and information goes straight back to the master hacker without the proxy hacker's knowledge. It's very clever. The master hacker never needs to conduct a campaign to see financial gain.”

The kit was developed in Algeria with Arabic tutorials, while the kit itself is in English. Once logged on via ‘Login Spoofer' you select which pages you want to spoof from a selection of pages including webmail, PayPal and Facebook messages.

The user then has a dashboard which shows the victims. Imperva detected that the proxy hackers will see some success with dozens to hundreds of credentials potentially stolen before their fake sites are shut down. After this, the ‘master hacker' leverages a back door in the kit to harvest all the credentials the proxy hackers managed to obtain.

“Since new people create new phishing sites every day, with new campaigns the master hacker's numbers just grow and grow and grow,” said Rachwald.

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
credentials hackers harvest hundreds of phishing proxy security tactic thousands to uses

Sponsored Whitepapers

How Security as Code changes development and deployment for the cloud
How Security as Code changes development and deployment for the cloud
Tackle new ITSM priorities with this seven-step Micro Focus guide
Tackle new ITSM priorities with this seven-step Micro Focus guide
Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM
Future of work: Support your distributed HR workforce with digital document processes
Future of work: Support your distributed HR workforce with digital document processes
Develop a resiliency strategy that integrates risk analysis & continuity management
Develop a resiliency strategy that integrates risk analysis & continuity management

Events

Most Read Articles

Telstra-led consortium to build out NSW's digital twin

Telstra-led consortium to build out NSW's digital twin
Macquarie Bank looks to break free of IaaS

Macquarie Bank looks to break free of IaaS
Adobe scores $32m myGov software deal

Adobe scores $32m myGov software deal
Westpac loses its group head of data and advanced analytics

Westpac loses its group head of data and advanced analytics

Log In

Email:
Password:
  |  Forgot your password?