The landing page also constantly changes to bypass content filters. The phishing kit’s content is forwarded from another location, but masked to appear as if it was on the landing page itself. Compared to a usual phishing attack that would employ a single landing page, Heatstroke’s multistage approach tries to mimic what a legitimate website would do to lull the potential victim into thinking nothing is amiss. To avoid suspicion, the attackers do not hurry or spread their attack over multiple screens/pages. Heatstroke’s operators appear to have used these countermeasures to hide their trails: These free email accounts could thus serve as better starting points for attackers to reconnoiter and gather intelligence on their targets compared to business emails, which are typically more secure. Gmail accounts are particularly interesting attackers that gain access to these accounts can also access the victim’s Google Drive, and, under certain circumstances, potentially compromise the Android device linked to the account. They're also usually used as verification for social media and e-commerce websites, as well as backups for Gmail and business accounts. Private email addresses are more likely to be hosted on free email services with lax security and spam filtering. They aim for their victim's private email addresses, which they most likely collected from the victim's own address list, which also includes managers and employees in the technology industry. The way Heatstroke's operators do research on their potential victims is notable. Heatstroke demonstrates how far phishing techniques have evolved - from merely mimicking legitimate websites and using diversified social engineering tactics - with its use of more sophisticated techniques such as steganography.
The latest example is a phishing campaign dubbed Heatstroke, based on a variable found in their phishing kit code.
Despite having an apparent lull in the first half of 2019, phishing will remain a staple in a cybercriminal’s arsenal, and they're not going to stop using it.
0 kommentar(er)
