Phishing kits now casting a wider net

A quick look at the impact of phishing attacks reveals some shocking statistics. According to research from MarkMonitor, the frequency of phishing attacks increased by 79 percent in the first quarter of 2018 compared to the same time last year.

The primary reason for the proliferation of phishing is clear: when done right, it can be an incredibly effective way for cyber criminals to get hold of confidential customer data that can then be used for illicit activity. But the sheer number of these attacks can also be explained through the commoditization of ‘phishing kits’, which have made it much easier for cyber criminals to flourish through the easy creation of phishing sites.

Phishing kits consist of an archive folder (usually a .zip or .rar) that contains all of the code, information, graphics and other files necessary to create a phishing campaign with relative ease. These kits are then uploaded to a host â typically somewhere within the dark web, a private online marketplace or a message board.

While the kits themselves are created/authored by experienced online criminals with a deep knowledge of coding and phishing, once uploaded to a host they essentially allow anyone – even those with minimal technical prowess – to equip themselves with the necessary tools to launch sophisticated cyber attacks.

The proliferation of these kits means it should be no surprise to see the number of phishing attacks continuing to increase. The net is being cast even wider than before, with more victims falling prey to attacks created and set-up by a growing number of online criminals.

MarkMonitor has detected over 100,000 unique instances of phish kits being used across the previous 28 months, equating to roughly 3,600 phish kits detected per month (duplicates removed per month). Interestingly enough, when de-duping across the entire subset, the number of unique phish kit detections drops to around 60,000 – indicating a fair number of phish kit reuse.

Screen Shot 2018 07 10 at 9.30.43 AM

Despite the efforts taken by criminals to prevent these kits being removed or shut down, MarkMonitor has developed innovative technology that can make a significant difference in mitigating the risks associated with them. Through our unique phish kit analysis feature, we can cluster all instances into what we call ‘phish kit families’, making it much easier to identify each offence and remove or harvest the contents of these kits during a phishing site shutdown.

In the same way that smartphone cameras have enabled anyone to be a photographer, phish kits have made it possible for anyone with malicious intentions to become a cybercriminal. While it might be impossible to identify every single phishing kit out there, our expertise and sophisticated solutions can help to ensure these do not have a lasting negative impact on your brand.

Click here to find out more about MarkMonitor’s AntiPhishing solutions.