The exponential growth of online fraud is mainly due to the emergence of fraud scams. Compared to more common forms of fraud, phishing is a lot more dangerous and accessible to all. The latest quarterly report of the Anti-Phishing Working Group APWG confirms this, revealing that only in January-March 2021, there were over 611,000 phishing attacks, marking a record of approximately 245,711 attacks in January alone. These figures illustrate a trend that is developing in different forms. To design and implement such attacks, technical skills are required, but many phishers do not design the attack from scratch and instead use what is known as a “phishing kits”. 

What is a phishing kit 

A phishing kit is a collection of files that an author or hacker installs on a fake page that mimics a bank or Facebook’s site and contains code to collect user credentials. These kits are then sold to other fraudsters, who install them on the site they want to attack.

This new fraudulent system is dangerous because it allows less experienced fraudsters to buy complex code from a cybercriminal, making it easier for both parties to receive data from the unsuspecting victim. 

In the past, deep technical skills were required to design and implement a successful campaign. Phishing pages typically had to be a perfect copy of a spoofed or targeted page, appropriately modified to send sensitive data collected surreptitiously to the phisher.

This would ordinarily require web development skills that many people do not readily possess, ultimately limiting the number of people that could potentially step into the role of a phisher. 

What can we get from Phishing kit? 

The good news is that the kit is a great source of data as it provides information on the techniques used for phishing attacks. Analysis of this threat can lead to the identification of criminals. However, the kits are not recognizable by users, and special tools are needed to identify the kit that is hidden behind the page. 

Ermes – Cybersecurity, highlights the characteristics of these new cyber-attacks and how to protect oneself. Ermes has analyzed tens of thousands of phishing kits to identify approximately 6000 kits targeting well-known brands.

In the evolution of kit writing, attackers copy and paste code parts from other kits, adapting them to their needs, and there are very few original kits. This allows entire clusters of related kits to be identified. 

Ermes has prioritized intelligence gathering and detection for phishing attacks, especially those using phishing kits. To combat this threats, Ermes has built a unique and proprietary dataset containing tens of thousands of phishing kits, which are continuously augmented by downloading phishing kits left by attackers on phishing sites that have been identified. Ermes routinely leverages this valuable resource to conduct research and map newly discovered phishing sites to a phishing kit family for the purpose of providing customers with critical insights and intelligence. 

What is the most worrying aspect of Phishing Kit 

According to Ermes’ Experts the most worrying aspect of these scams is the democratization of the attack. In fact, These kits are also “democratizing” or leveling the playing field among cyber criminals and other malicious actors. Previously, this attack required a plethora of technical skills for a phisher to be successful, ultimately limiting the number of people that could potentially engage in this now skyrocketing attack vector. 

Unfortunately, unlike the past, it is no longer the case that a potential cyber-criminal needs to have a real technical skillset to launch a phishing attack. The rise of this phenomenon around the world have all but removed this barrier to entry, making it a fairly simple and turnkey process to engage in the criminal act of phishing. With a lower threshold now in place, the increase in bad actors launching phishing attacks is likely responsible for the exploding number of attacks worldwide that have been reported by the Anti-Phishing Working Group (APWG). Not surprisingly, phishing also represents the costliest type of data breach according to a study conducted by the Ponemon Institute for IBM Security. 

Ermes Cyber Security is currently working on a white paper dedicated to phishing kits, which will be released at the end of April. Stay in touch for the next White paper realease/publication.