A new attack has been uncovered using a phishing kit that has an indestructible infrastructure due to its residence in the cloud.
In the majority of phishing schemes when the main server is taken down the main collection point is also removed, but with this kit the data collection space is hosted separately from the phishing websites, Imperva discovered.
Once a server is taken out, all hackers need to do with the cloud-based kit is to re-post the web front end in a new location.
Imperva explained this case is also interesting for its provenance and operation.
Created by two “master hackers”, the phishing kit was posted on hacker forums. Those who used the kit then became part of the master hackers’ “army”, meaning all the data they acquired went back to the creators, who did not have to put in the hours implementing the attack.
"To some extent this is malware-as-a-service," Shulman said, adding that the attack shows how hackers prefer to abuse the technologies that people are widely using - in this case the cloud.
“This is definitely showing a shift from the normal phishing models that we have seen so far.” Shulman said.
No comments:
Post a Comment