Experts Insight On New Cybercrime Tool Can Build Phishing Pages In Real-Time

A cybercrime group has developed a novel phishing toolkit that changes logos and text on a phishing page in real-time. The tool, named “LogoKit”, is tracked by RiskIQ and is believed to have been installed on more than 300 domains over the past week and more than 700 sites over the past month. It works by sending victims phishing links that contain their email addresses; once a victim navigates to the URL, it fetches a logo from third-party services such as Clearbit or Google’s favicon database.
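
A defender-side check for the lure described above, as an added example that is not from the article or from RiskIQ: it flags links that carry the recipient's own address and are hosted outside the recipient's mail domain. Where in the URL the address sits, the base64 handling, and all sample URLs and names are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit, unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def decoded_views(url):
    """Yield path, query and fragment percent-decoded, plus any token that
    decodes as base64 (an assumed obfuscation, not stated in the article)."""
    parts = urlsplit(url)
    for raw in (parts.path, parts.query, parts.fragment):
        text = unquote(raw)
        if text:
            yield text
        for token in re.split(r"[^A-Za-z0-9_-]+", text):
            if len(token) < 12:
                continue
            try:
                padded = token + "=" * (-len(token) % 4)
                yield base64.urlsafe_b64decode(padded).decode("utf-8")
            except ValueError:  # bad base64, or bytes that are not UTF-8 text
                continue

def recipient_in_link(url, recipient):
    """Return a finding when the link carries the recipient's own address and
    is hosted outside the recipient's mail domain; otherwise None."""
    recipient = recipient.lower()
    rcpt_domain = recipient.rsplit("@", 1)[1]
    host = (urlsplit(url).hostname or "").lower()
    if host == rcpt_domain or host.endswith("." + rcpt_domain):
        return None  # link stays inside the recipient's own organisation
    for view in decoded_views(url):
        if recipient in (m.lower() for m in EMAIL_RE.findall(view)):
            return {"host": host, "address": recipient}
    return None

# Constructed sample links (reserved .test/.example names, not real indicators).
RCPT = "alice@corp.example"
B64 = base64.urlsafe_b64encode(RCPT.encode()).decode().rstrip("=")
SAMPLES = [
    "https://login.example-host.test/auth/#alice@corp.example",
    "https://cdn.example-host.test/s/?t=" + B64,
    "https://portal.corp.example/reset?user=alice%40corp.example",
    "https://news.example.test/article?id=12345",
]

def scan(urls, recipient):
    return [u for u in urls if recipient_in_link(u, recipient)]
if __name__ == "__main__":
    print(scan(SAMPLES, RCPT))
```

Legitimate unsubscribe and tracking links also embed the recipient's address, so a hit is a signal to score alongside others rather than a verdict.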


2 Expert Comments
Martin Jartelius, CSO
InfoSec Expert
January 29, 2021 9:53 am

This is a constant arms-race; we have seen similar but slightly different tactics where attackers would retain records of targeted email addresses and, if not getting the expected parameters, serving different content in their phishing campaigns to prevent malware analyst work. This is the same base of identification of the targeted, but with a tailoring of content to the audience for increased chance of success rather than employing an evasion technique. We will keep seeing more and more advanced tooling available and being used by cyber criminals, especially in those high volume low income areas where, just as for anyone in IT, margins and efficiency are key for profitability.

Javvad Malik, Security Awareness Advocate
InfoSec Expert
January 29, 2021 9:51 am

This new attack shows how invested criminals are in phishing attacks. With each iteration, we see new techniques put in place designed to fool users into believing an email or website is legitimate.

While technical controls can help to block some of these, they won’t be successful all of the time. Which is why it’s important to educate and train users to be able to identify and report any suspicious emails or websites. Organisations also need to have monitoring and threat detection controls in place so that if an attack is successful, then it can be detected and responded to in a timely manner before it becomes a full-blown incident.
