News

Cloud-based phishing kit hacks the hackers

Security firm Imperva has uncovered a new, automated, cloud-based phishing kit.

Unlike traditional phishing kits, which have been available for years, this new approach lives in the cloud and relies on hackers exploiting other hackers.

Two master hackers wrote and then posted a phishing kit into hacker forums, but any hacker using this kit becomes an unknowing member of the master hacker's army.

When hackers use this kit and deploy a successful phishing campaign, all the stolen credentials and information goes straight back to the master hacker without the proxy hacker's knowledge.

"It's very clever. The master hacker never needs to conduct a campaign to see financial gain," said Amichai Shulman, chief technology officer at Imperva, who uncovered the cloud-based phishing kit.

Because the phishing kit is cloud-based, the infrastructure for this phishing kit never goes away, said Shulman.

In traditional schemes, when a server is taken down the web page and all the back-end data collection capability comes offline, but in a cloud-based approach data is hosted separately.

Taking down the "front-end" server does not impair the campaign because the command and control centre is unaffected, said Shulman.

This means hackers only need to repost the web front-end in a new location to be back in business, he said.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy