Experts Insight On New Cybercrime Tool Can Build Phishing Pages In Real-Time

A cybercrime group has developed a novel phishing toolkit that changes logos and text on a phishing page in real-time. The tool is named “LogoKit” is tracked by RiskIQ beleived to be install on more than 300 domains over the past week and more than 700 sites over the past month. It worked by sending phishing links that contain their email addresses and once a victim navigates to the URL, it fetches logo from third party services such as Clearbit or Google’s favicon database

Experts Comments

January 29, 2021
Martin Jartelius
CSO
Outpost24

This is a constant arms-race, we have seen similar but slightly different tactics where attackers would retain records of targeted email addresses and, if not getting the expected parameters, serving different content in their phishing campaigns to prevent malware analyst work. This is the same base of identification of the targeted, but with a tailoring of content to the audience for increased chance of success rather than employing an evasion technique. We will keep seeing more and more

.....Read More

This is a constant arms-race, we have seen similar but slightly different tactics where attackers would retain records of targeted email addresses and, if not getting the expected parameters, serving different content in their phishing campaigns to prevent malware analyst work. This is the same base of identification of the targeted, but with a tailoring of content to the audience for increased chance of success rather than employing an evasion technique. We will keep seeing more and more advanced tooling available and being used by cyber criminals, especially in those high volume low income areas where, just as for anyone in IT, margins and efficiency is key for profitability.

  Read Less
January 29, 2021
Javvad Malik
Security Awareness Advocate
KnowBe4

This new attack shows how invested criminals are in phishing attacks. With each iteration, we see new techniques put in place designed to fool users into believing an email or website is legitimate. 

 

While technical controls can help to block some of these, they won't be successful all of the time. Which is why it's important to educate and train users to be able to identify and report any suspicious emails or websites. Organisations also need to have monitoring and threat detection controls

.....Read More

This new attack shows how invested criminals are in phishing attacks. With each iteration, we see new techniques put in place designed to fool users into believing an email or website is legitimate. 

 

While technical controls can help to block some of these, they won't be successful all of the time. Which is why it's important to educate and train users to be able to identify and report any suspicious emails or websites. Organisations also need to have monitoring and threat detection controls in place so that if an attack is successful, then it can be detected and responded to in a timely manner before it becomes a full-blown incident.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.