WMC Global's Ben Coon, VP of Threat Intelligence, and Bobby Preston, Threat Analyst and Sr. Business Development Manager, presented at SaintCon this October.
1 min read
Emerging Trends in SMS Phishing
Topics: SMS Attack Kit Analysis Phishing Phishing Kit Threat Intel finance 2FA Two-Factor Authentication Voice Passwords SMS Phishing Credential Phishing smishing Vishing financial institutions
2 min read
Phishing for Finance - Akamai x WMC Global SOTI Report
Cloud and enterprise security leader Akamai has partnered with WMC Global researchers to release their State of the Internet report focusing on phishing in the financial services industry. We have included key excerpts below and access the full report HERE.
HIGHLIGHTS
- In 2020, there were 193 billion credential stuffing attacks globally, with 3.4 billion of them in the financial services space, representing a 45% growth over 2019.
- The number of web attacks targeting the financial services industry grew by 62%. Akamai observed 736,071,428 web attacks recorded against financial services in 2020. What was the number one web attack type targeting financial services? Local File Inclusion (52%), followed by SQL Injection (33%) and Cross-Site Scripting (9%).
- The Kr3pto phishing kit, which targets financial institutions and their customers via SMS, has been observed spoofing 11 brands across more than 8,000 domains since May 2020. Akamai and WMC Global has tracked Kr3pto campaigns across more than 80 different hosts (ASNs), including one host that housed more than 6,000 Kr3pto domains.
- An API used by the Ex-Robotos phishing kit, which targets corporate credentials, logged more than 220,000 hits over 43 days, with peaks in the first week of February 2021 reaching tens of thousands per day.
FINANCIAL PHISHING
Over the past several years, phishing has remained a constant variable in many of the data breaches and security incidents that have dominated the headlines. Criminals have dedicated a good deal of energy and resources toward advancing the phishing economy on a regular basis. Gone are the days of basic cloned websites. Today, phishing is a turnkey business, even offered as a hosted solution for criminals who wish to leverage phishing-as-a-service developments.
As phishing attacks and kit development started to advance, defenders realized that usernames and passwords alone were not enough. To combat the phishing onslaught and other password-based attacks, defenders turned toward multi-factor authentication (MFA) and two-factor authentication (2FA) to help augment basic passwords. While 2FA is a subset of MFA, both provide the means of a second type of authentication, such as a PIN or one- time password (OTP). Often, 2FA is associated with SMS-based OTPs, whereas MFA is associated with authenticators, like Google Authenticator.
Fast-forward to today — the criminals have evolved. This change includes elements that target 2FA and MFA protections, where victims are tricked into filling out their OTP or revealing it to the threat actor during a conversation.
In this report, WMC Global and Akamai present research related to threat actors and the phishing kits being used to target the financial services industry, or people within it. One relatively new threat actor poses a serious threat to the financial services industry in the UK, with the development of dynamic phishing kits that effectively bypass secondary methods of authentication.
Topics: Phishing finance Banking
24 min read
Year-End Phishing Report - 2020 WMC GLOBAL
Summary
WMC Global's Threat Intel Team analyzed thousands of phishing kits in 2020. While "16Shop" continues to be the most popular, kits capable of capturing gathering multi-factor authentication data, like "Puppeteer," are emerging. There was a large increase in SMS phishing compared to emails over 2020, indicating SMS will continue to be a substantial threat in 2021. WMC Global observed that consumer brands continued to be the primary target for phishing, with Netflix and Facebook being the most impersonated brands; however, WMC Global also observed new threat vectors for phishing in the form of COVID-themed phishing. The United States was the number one location for hosting phishing sites, with NameCheap being the provider hosting the most phishing sites over 2020. WMC Global predicts that in 2021 multi-factor authentication will become a focus for threat actors, phishing link delivery methods will continue to evolve, and phishing kit intelligence will be more prevalent in tracking threat actors.
Topics: SMS Attack Phishing Kit finance Netflix Puppeteer Kit
6 min read
Kr3pto Puppeteer Kits: Dynamic Phishing Kit Targeting UK Banking Customers
At WMC Global, we are tracking a threat actor who goes by the alias "Kr3pto," a phishing kit developer who builds and sells unique kits targeting UK financial institutions amongst other brands.