In the ever-evolving world of cybercrime, phishing attacks continue to be a major concern. Recent findings from Group-IB highlight a significant 25% surge in the use of phishing kits throughout 2022. These malicious tools empower cybercriminals to orchestrate large-scale phishing campaigns, posing a serious challenge to conventional detection systems. Let's delve deeper into the key trends observed and the methods employed by these threat actors.
The Growing Popularity of Phishing Kits: In 2022, a staggering total of 3,677 unique phishing kits were identified, representing a 25% increase compared to the previous year. Phishing kits serve as a comprehensive set of tools that enable cybercriminals to effortlessly create and manage multiple phishing pages simultaneously. These kits offer threat actors the advantage of building and maintaining the necessary infrastructure, seamlessly transitioning between hosts to avoid detection, and effectively collecting stolen data.
Methods for Handling Stolen Data: Phishing websites serve as data harvesting platforms, demanding specific methods for the collection and storage of ill-gotten information. Interestingly, a substantial portion of stolen data continues to be handled via email. Nearly half of the phishing kits observed in 2022 (45%) relied on email, with Gmail being the preferred service among phishing kit creators.
Furthermore, the sustained popularity of Telegram as a means of collecting stolen data has surged. The use of Telegram by phishing kits nearly doubled in 2022 compared to the previous year, with a remarkable increase from 5.6% to 9.4%. The flexibility and convenience offered by the messaging platform enable cybercriminals to efficiently process and manage compromised information in near real-time.
Detection Evasion Techniques: As phishing attacks become more complex, cybercriminals are deploying advanced techniques to evade detection and takedown efforts. The evasion techniques observed between 2021 and 2022 can be categorized into two groups: trivial access control mechanisms and more sophisticated detection evasion methods.
Among the trivial access control mechanisms, hypertext access (.htaccess) emerged as the most popular technique in 2022, employed by 20% of detected phishing kits. This configuration file enables website operators to restrict access to specific directories based on the visitor's IP address. Additionally, robots.txt, another configuration file preventing access by bots and search engine crawlers, was observed in 12% of kits.
Interestingly, the use of simple access control mechanisms experienced a significant 92% increase, with 1,824 phishing kits utilizing some form of selective restriction in 2022, compared to 951 kits in the preceding year.
To counteract cybersecurity experts and off-the-shelf solutions, cybercriminals are now equipping phishing kits with advanced detection evasion techniques. These include blacklisting cybersecurity vendors' IPs and hostnames. Moreover, the utilization of anti-bot technologies and randomization of directories witnessed a 26% surge, with 2,060 phishing kits employing these sophisticated tactics in 2022.
Ensuring Longevity: Techniques to Evade Detection: Phishers aim to extend the lifespan of their deceptive websites. Consequently, the most prevalent detection evasion technique observed was the use of dynamic directories. By creating random website folders accessible solely through personalized phishing URLs, phishers evade detection and blacklisting, as the phishing content remains concealed. Dynamic directories were utilized in 22% of phishing kits detected in 2022.
Another popular tactic involved displaying fake 404 pages to visitors if their device parameters, geolocation, and referrer information did not match the victim's profile. This technique, observed in 11% of phishing kits, adds an extra layer of camouflage for cybercriminals.
In conclusion, the escalating use of phishing kits and the adoption of sophisticated detection evasion techniques present a significant challenge in the battle against cybercrime. By staying informed, adopting proactive security measures, and fostering collaboration, we can collectively mitigate the risks posed by these malicious actors and safeguard our digital ecosystem. Let us remain vigilant and committed to protecting ourselves and our digital assets from the ever-present threat of phishing attacks.
To bolster your defense against phishing attacks and ensure comprehensive cybersecurity, consider leveraging Armoryze's zero trust and managed detection and response service. Armoryze provides a proactive and cutting-edge solution to safeguard your digital assets from evolving threats. With their expertise and advanced technologies, Armoryze offers real-time threat monitoring, detection, and response, empowering you to stay one step ahead of cybercriminals.