Have you heard of a web host that sells phishing kits and other things?

Hello folks,

On this week’s program, we’re going to explore a very interesting article talking about something I don’t think we’ve heard of before: Phishing as a Service.

We’ve heard of bulletproof hosting, the hosting providers who turn a blind eye to any type of report that anyone sends about any customer they host.

Unlike traditional web hosts like what I offer, what my provider offers, and others as well, there are some providers who just want to get paid: they give you space and don’t care.

But with the service in this Phishlabs article, you also get phishing kits, templates and other things to attack other users with, in campaigns that are constantly being updated, if I understand this correctly.

Fortra is monitoring malicious activity targeting Canadian banks conducted by Phishing-as-a-Service group LabHost. Throughout 2022 and 2023, Fortra has observed phishing attacks connected with Phishing-as-a-Service (PhaaS) groups grow as threat actors use the tools provided through membership services to launch a variety of campaigns. The providers of these platforms boast features such as access to an array of stolen industry branding, monitoring tools, security bypass abilities, and more.

Under the heading that talks about the Canadian phishing service background (paraphrased), it says:

Frappo. Frappo’s launch in late 2021 resulted in an explosion of multi-branded phishing attacks capable of targeting numerous Canadian financial institutions simultaneously.

After the initial spike in activity in the first half of 2022, Frappo users reported that phishing pages made through the service were being blocked and mitigated at faster rates. In September 2022, Frappo promised that an improved second version of the service would be launched. As of December 2023, this promised Frappo V2 platform had not been released to the public.

Over the course of 2023, Fortra observed phishing content families grow in popularity which shared many similarities with existing Frappo campaigns but included minor changes. Originally thought to be possible candidates for “V2”, over time it became evident that the campaigns were sourced from a different distinct PhaaS platform. Communication in Canada-centric threat actor channels suggested that phishers had pivoted to using LabHost instead of Frappo for phishing campaigns.

So now, we’ve got two different providers that want to play in the sandbox, providing services that could be interesting to say the least already.

Finally:

The phishing kits used by LabHost and Frappo don’t feature many indicators that make distinguishing between the two easy. However, a LabHost service outage in October and the resulting drop in phishing volume provided strong evidence for the attribution of LabHost to specific tracked phishing content families. This new information confirmed Fortra’s suspicion that LabHost had overtaken Frappo in popularity in the first half of 2023.

The headings in this article include:

  • Canadian Phishing-as-a-Service Background
  • LabHost Threat History
  • Phishing-as-a-Service Analysis
    • Live Phishing Capabilities
    • LabSend Phishing Lures

The article is titled Phishing-as-a-Service Profile: LabHost Threat Actor Group and I urge everyone to read it. Stay as safe as you can, because there isn’t much I can do to help you here.

The show is on Wednesday, 11 am PT, 1 pm CT on the independent channel and then aired across the network. Check this TSB page for info on who airs us and when.

What do you think? Is this something you’re concerned about? I would be, only because they can target anyone. Stay safe out there!

