Researchers at Check Point and CyberInt, have discovered a new generation of phishing kit that is readily available on the Dark Web. Created by a cyber-criminal known as ‘[A]pache’, the kit makes it simple for those with very little technical ability to carry out their own cyber-attack. By simply downloading this multi-functioning phishing kit and following the straightforward installation instructions, a threat actor is able to launch a phishing campaign, that collects the personal and financial information of unsuspecting consumers, very quickly. Tim Helming, Director of Product Management at DomainTools commented below.
Tim Helming, Director of Product Management at DomainTools:
“The discovery of this easy-to-use phishing kit is the next logical step in cybercrime’s journey from an underground activity to a broadly commoditized marketplace of tools and techniques. While phishing-as-a-service kits are nothing new, the fact that this kit allows even non-technical users to set up fake websites spoofing household names- and their corresponding domains- means it is easier than ever for malicious actors to steal credentials, and ultimately capital, en masse. Combating such large-scale activity requires not only user education at both the organizational and individual level, but also a comprehensive approach from law enforcement, government and international regulatory bodies, just as fighting any other large scale criminal enterprise would.”