Phishing remains the favored and most successful method of obtaining an initial foothold in a targeted organization. So it should come as no surprise that threat actors have developed turnkey solutions that enable even low-skilled hackers to conduct successful email attacks.
Trustwave SpiderLabs Special Report: Phishing-as-a-Service, a supplement to the just released 2024 Trustwave Risk Radar Report: Financial Services Sector, is based on data culled from Trustwave SpiderLabs’ email security research on the financial services sector.
Trustwave SpiderLabs’ access to Trustwave MailMarshal client telemetry enabled the team to see the tactics that threat groups are using to target financial institutions and potentially wreak havoc. Download the report for a full look at the team’s findings, but here are a few quick takeaways.
Account and password-related alerts and purported communications from human resource departments are among several common themes. At the same time, the favored attachment is an HTML file capable of redirecting the target to a malicious site or bearing malware.
The team investigated how some PaaS operations have specialized to attack organizations in the financial sector with threat groups such as ONNX, Interac, and the recently defunct Lab Host taking the lead in this area.
The Trustwave SpiderLabs report lays out exactly what a PaaS operation offers. Groups often offer a “Netflix-like” approach where the customer gains access to a set of phishing tools for a pre-set period of time for a subscription fee. This period could be weekly, monthly, or somewhere in between, and the tools can include, but are not limited to:
The report goes into further detail concerning a wide range of PaaS platforms that Trustwave SpiderLabs has investigated, along with examples of what they supply, and even customer service dashboards that inform their customers how well a campaign performed.
The report also includes important steps to mitigate email threats spread through PaaS operations.
Please download Trustwave SpiderLabs Deep Dive: Phishing-as-a-Service for full access to all Trustwave SpiderLabs findings on this topic.