Phishing-As-A-Service

'Robin Banks', a notorious phishing-as-a-service (PhaaS) platform, has relocated its infrastructure to a Russian service platform known to be used by cyber criminals and is offering a number of innovative new features to its criminal customers.

The relocation comes after the cloud infrastructure provider Cloudflare disconnected Robin Banks from its services. The disconnection caused a prolonged outage to operations, according to a report from cyber security company IronNet.

Robin Banks was first reported in July 2022 when the platform's abilities to offer ready-made phishing kits to criminal actors were revealed, making it possible to steal the financial information of customers of popular banks and other online services.

It was also found to prompt users to enter Google and Microsoft credentials on rogue landing pages, suggesting an attempt on the part of the malware authors to monetise initial access to corporate networks for post-exploitation activities such as espionage and ransomware.

Cloudflare's decision to blocklist its infrastructure in the wake of public disclosure has prompted Robin Banks to move its frontend and backend to DDoS-Guard. "This hosting provider is also notorious in not complying with takedown requests, thus making it more appealing in the eyes of threat actors," said the IronNet researchers.

One of the features introduced is a cookie-stealing functionality, achieved by reusing code from an open-source adversary-in-the-middle attack framework employed to steal credentials and session cookies from Google, Yahoo, and Microsoft Outlook, even on accounts that have multi-factor authentication enabled.

  • Robin Banks is also said to have incorporated a new security measure that requires its customers to turn on two-factor authentication (2FA) to view the stolen information via the service, or, alternatively, receive the data through a Telegram bot.
  • Another notable feature is its use of an ad fraud detection service to redirect targets of phishing campaigns to rogue websites, while leading scanners and unwanted traffic to benign websites to slip under the radar.

Despite using an open-source tool that other cyber criminals could use themselves, Robin Banks charges customers a premium of $1500 a month on top of the regular $200 monthly fee for use of the cookie-stealing feature.
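Because a stolen session cookie is accepted without a fresh MFA prompt, defenders often look for cookies presented from a different client than the one they were issued to. The check below is an added example, not code from IronNet's report or any named product; the log format, field names and sample events are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample events (not real logs):
# timestamp, user, session id, source IP, quoted user agent, event type
SAMPLE_LOG = """\
2022-11-07T09:00:01Z alice s-1001 198.51.100.10 "Mozilla/5.0 (Windows NT 10.0) Chrome/107" mfa_login
2022-11-07T09:00:40Z alice s-1001 198.51.100.77 "Mozilla/5.0 (Windows NT 10.0) Chrome/107" request
2022-11-07T09:02:13Z alice s-1001 203.0.113.45 "python-requests/2.28" request
2022-11-07T09:05:00Z bob s-2002 192.0.2.8 "Mozilla/5.0 (Macintosh) Safari/16" mfa_login
2022-11-07T09:30:00Z bob s-2002 192.0.2.8 "Mozilla/5.0 (Macintosh) Safari/16" request
"""


def client_context(ip, user_agent, prefix=24):
    """Reduce a client to (network, user agent); the /24 is an assumed
    tolerance for address changes inside one IPv4 network."""
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return network, user_agent


def find_replayed_sessions(log_text):
    """Return alerts for session cookies used outside their issuing context."""
    issued = {}  # session id -> context recorded when MFA login completed
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, sid, ip, user_agent, event = shlex.split(line)
        ctx = client_context(ip, user_agent)
        if event == "mfa_login":
            issued[sid] = ctx
            continue
        bound = issued.get(sid)
        if bound is None:
            # Cookie presented with no recorded login: treat as suspicious.
            alerts.append((ts, user, sid, "no MFA login recorded for session"))
        elif ctx[0] != bound[0] and ctx[1] != bound[1]:
            # Both network and user agent changed: likely cookie replay.
            alerts.append((ts, user, sid, f"cookie reused from {ip}"))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOG):
        print(alert)
```

Requiring both the network and the user agent to change keeps roaming users from raising alerts; stricter deployments would alert on either change or force re-authentication.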

While there are numerous cyber criminals with the skills to develop their own proprietary hacking tools and malware, in addition to maintaining the infrastructure necessary to conduct cyber attacks, the widespread availability of open-source hacking tools is having a commoditising effect, enabling less skilled cyber criminals to go phishing.

Heimdal | IronNet | CyberNews | HotHardware | The Hacker News | BleepingComputer | IT Security News | Security Affairs | Phishing Tackle
