BulletProofLink جرایم سایبری فیشینگ را به عنوان یک سرویس ارائه می دهد

هلگا اسمیتسپتامبر 23, 2021آخرین به روز رسانی: سپتامبر 23, 2021
148 خواندن این مطلب 1 دقیقه زمان میبرد

Microsoft experts argue that BulletProofLink (aka BulletProftLink or Anthrax), a phishing-as-a-Service (PHaaS) cybercriminal service, is responsible for many phishing campaigns targeting companies and organizations in the recent years.

It should be noted that BulletProofLink was first discovered back in October 2020 by OSINT Fans researchers, who published a series of articles (1, 2, 3) describing some of the mechanisms of the PHaaS platform.

Researchers now report that BulletProofLink’s attackers provide cybercriminals with a variety of subscription services, from selling phishing kits (collections of phishing pages and templates that mimic the login forms of well-known companies) and email templates, to hosting and automated services.

BulletProofLink service

Basically, customers simply sign up to BulletProofLink for a $ 800 fee and BulletProofLink operators do the rest for them. The services of the cybercriminals include: setting up a web page to host a phishing site, installing the phishing template itself, configuring a domain (URL) for phishing sites, sending phishing emails to victims, collecting credentials obtained during these attacks, and then delivering the stolen logins and passwords forsolvent clientsat the end of the week.

If a customer wants to change their phishing templates, BulletProofLink operators have a separate store where attackers can buy new attack templates for between $ 80 و $ 100 each. There are currently about 120 different templates available on the BulletProofLink Store, and there are tutorials on the site to help customers use the service.

BulletProofLink price

Microsoft researchers also report that BulletProofLink operators are not clean on hand and steal from their customers: the service saves copies of all collected credentials, which are then sold on the darknet, bringing them additional profit.

Microsoft describes BulletProofLink as a technically complex operation, and notes that service operators often use hacked sites to host their phishing pages. همچنین, in some cases BulletProofLink compromises the DNS records of hacked sites in order to create subdomains for hosting phishing pages.

BulletProofLink-operation

When we investigated phishing attacks, we found a campaign that used a large number of newly created and unique subdomainsmore than 300,000 at a time.say experts, describing the scale of BulletProofLink's work.
Microsoft calls this tacticendless abuse of subdomains.It allows attackers to create unique URLs for each phishing victim using only one domain, bought or compromised specifically to carry out the attacks. Even worse, unique URLs pose a problem in preventing and detecting such attacks, because security solutions are usually focused on exact matching of domains and URLs.

Let me remind you that we talked about how بدافزار Capoae یک افزونه Backdoor را در سایت های وردپرس نصب می کند.

برچسب ها
هلگا اسمیتسپتامبر 23, 2021آخرین به روز رسانی: سپتامبر 23, 2021
148 خواندن این مطلب 1 دقیقه زمان میبرد

هلگا اسمیت

من همیشه به علوم کامپیوتر علاقه داشتم, به خصوص امنیت داده ها و موضوع, که امروزه نامیده می شود "علم داده", از اوایل نوجوانی من. قبل از ورود به تیم حذف ویروس به عنوان سردبیر, من به عنوان کارشناس امنیت سایبری در چندین شرکت کار کردم, از جمله یکی از پیمانکاران آمازون. یک تجربه دیگر: من در دانشگاه های آردن و ریدینگ تدریس می کنم.

پاسخ دهید

این سایت از Akismet برای کاهش هرزنامه استفاده می کند. با نحوه پردازش داده های نظر خود آشنا شوید.

دکمه بازگشت به بالا