IronNet Discovers New PhaaS Targeting Banks, Others
IronNet researchers have observed an active cyber crime syndicate launching a new phishing-as-a-service (PhaaS) platform, selling phishing kits to cybercriminals who specialize in social engineering scams.
Known as Robin Banks, this threat actor provides ready-made phishing kits primarily targeting U.S.-based financial companies, as well as numerous companies in the United Kingdom, Canada and Australia, according to an IronNet blog.
Financial institutions advertised on the website include Bank of America, Capital One, Citibank, Wells Fargo and more. They also offer templates to phish Google, Microsoft, T-Mobile, as well as international companies like Lloyds Bank of England, Netflix in Canada, and Commonwealth Bank in Australia.
In mid-June, IronNet researchers observed a large-scale campaign using the Robin Banks phishing kit, targeting victims via text and email. The goal behind this campaign was to access credentials and financial information pertaining to Citibank, in addition to Microsoft account credentials.
Based IronNet’s investigation of the threat actor, this campaign proved very successful. Numerous victims had account information sold via the dark web and various Telegram channels.
Roger Grimes is data-driven defense evangelist at KnowBe4.
“There is nothing any business can do better than to defeat social engineering and phishing to reduce their risk to cybercrime,” he said. “Every organization should focus more on defeating social engineering and phishing, and less on other types of attacks that are far less likely to happen. It is because nearly every business fails to adequately focus on social engineering as the No. 1 attack vector, by far, that allows hackers and their malware creations to be so successful. Every business needs to create more and better defense-in-depth policies, technical defenses and education to defeat social engineering.”
Social engineering is involved in 70-90% of all malicious data breaches, Grimes said.
“And yet we continue to treat it as just one of the many ways we can be hacked instead of the primary way we are hacked,” he said. “Hackers love that we continue to be distracted by far less popular hacking attacks and continue for decades to not focus that much on fighting phishing and social engineering.”