New Phishing toolkit that can create real-time realistic phishing pages raises eye-brows

Attackers have fashioned a new phishing toolkit that can create real-time realistic phishing pages to trick victims into entering their credentials.

According, to a report from security researchers at RiskIQ, the phishing kit, dubbed LogoKit,  is fully modularized, allowing other threat actors to easily reuse and adapt it.

Researchers said that unlike other phishing kits that take advantage of complex layouts and multiple files, the LogoKit family is an embeddable set of JavaScript functions. These kits interact within the Document Object Model (DOM), allowing the script to dynamically alter the visible content and HTML form data within a page without user interaction.

RiskIQ security researcher Adam Castleman said his company had observed more than 700 domains running with LogoKit. Targeted services range from generic login portals to false SharePoint portals, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchanges. RiskIQ has also observed attackers targeting several sectors, including financial, legal, and entertainment.

• TikTok removed nearly 90 million videos globally in the second half of 2020February 25, 2021
  In total, from July 1 to December 31 last year, the company said … Read More
• Mastercard, MTN partner To enable payments on global platforms with Mobile MoneyFebruary 25, 2021
  Mastercard and MTN announced a strategic partnership to enable millions of consumers in 16 countries across … Read More
• Using lessons learnt in 2020 to combat the security threats in 2021February 25, 2021
  2020 saw a boom in cyberattacks with cybercriminals taking advantage of the coronavirus … Read More
• Cybercrime and the pandemic – Read Now!February 25, 2021
  A new report from BlackBerry shows that as our digital habits have changed over the … Read More
• Here is why enterprise security isn’t just an IT problemFebruary 25, 2021
  They say a chain is only as strong as its weakest link; when … Read More

“Due to the simplicity of LogoKit, attackers can easily compromise sites and embed their script or host their own infrastructure. In some cases, attackers have been observed using legitimate object storage buckets, allowing them to appear less malicious by having users navigate to a known domain name, i.e., Google Firebase,” said Castleman.

Javvad Malik, security awareness advocate at KnowBe4, told ITPro this new attack shows how invested criminals are in phishing attacks. 

“With each iteration, we see new techniques put in place designed to fool users into believing an email or website is legitimate,” Malik said.

Malik added that while technical controls can help to block some of these, they won’t be successful all of the time. 

“Which is why it’s important to educate and train users to be able to identify and report any suspicious emails or websites. Organizations also need to have monitoring and threat detection controls in place so that if an attack is successful, then it can be detected and responded to in a timely manner before it becomes a full-blown incident,” he added.

source/reference: itpro.co.uk

About Post Author

Daniel Kwaku Ntiamoah Addai

Experienced Information Technology Assistant with a demonstrated history of working in the utilities industry. Skilled in Microsoft Word, Computer Science, IT Service Management, IT Strategy, and Website Administration. Strong information technology professional with a CEHv10 focused in Certified Ethical Hacking from EC Council.

See author's posts