Microsoft analyzes methods: Powerful phishing service provider busted
Microsoft discovers a criminal network that makes gigantic profits with a phishing service. The masterminds behind "BulletProofLink" are probably responsible for many of the current phishing attacks with email spam and are cashing in big time.
Email spam is not only incredibly annoying, it is also dangerous. Criminals use the fake messages to try to capture sensitive user data such as passwords or account information. Companies are often targeted by phishing attacks meant to blackmail or spy on them.
One criminal group currently appears to be responsible for a particularly large number of attacks on companies, offering a thriving phishing service under the name "BulletProofLink". Microsoft's security department has analyzed how far this goes and what methods the gangsters use.
In principle, the group operates like a savvy legitimate service provider. It offers phishing kits, email templates, hosting and automated services. Among other things, "BulletProofLink" has over 100 phishing templates in its portfolio, and the gangsters can set up more than 300,000 subdomains for a campaign in a single run.
"Unique services for dedicated spammers"
The gangsters have been active since 2018. They maintain several websites under their aliases "BulletProftLink," "BulletProofLink" and "Anthrax." These include YouTube and Vimeo pages with instructions. They also advertise on various forums.
The group advertises its offer as "unique services for every dedicated spammer". Those who want to take advantage of the service simply sign up at the "BulletProofLink" online store. The group offers a 10 percent discount for the first order or subscription to its newsletter.
Masterminds cash in twice
Customers can buy phishing kits, which "BulletProofLink" usually offers as ZIP files. These let them assemble their own campaign from modular parts. The offer also includes an all-inclusive package in which the group takes care of everything from email templates to hosting to the analysis of captured data. This is called Phishing-as-a-Service (PhaaS).
"BulletProofLink's" customer base is apparently quite large. According to Bleeping Computer, the phishing service's ICQ group chat had 1618 members last year. The prices are cheap; the masterminds make their money on volume. Monthly subscriptions are available for as little as $800, and a one-time hosting link costs $50.
But this is not the gangsters' only income. They often also sell the captured data or use it to blackmail phishing victims. Of course, "BulletProofLink" also accepts Bitcoin as a means of payment.
Network not dismantled so far
Even though the gangsters market their phishing service quite openly, it is not easy to put a stop to them. Among other things, they are able to create any number of subdomains with unique addresses. As a result, they slip past the usual detection methods, which rely on exact matches of domains and URLs.
Microsoft has been able to analyze the gangsters' methods and tools, but has not yet been able to dismantle their network. According to the security researchers' blog entry, "BulletProofLink" continues to run active phishing campaigns in which a large number of passwords are captured.
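The exact-match gap described above can be shown with a short detection sketch. This is an added example, not code from Microsoft's analysis or the original article; the domain names are constructed placeholders, and the function names and the burst threshold of 3 are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data: example.* names are placeholders, not real indicators.
EXACT_BLOCKLIST = {"login.phish-kit.example"}   # FQDN taken from one earlier report
BASE_BLOCKLIST = {"phish-kit.example"}          # parent domain behind the campaign
URLS = [
    "https://login.phish-kit.example/o365/",
    "https://a1b2c3.phish-kit.example/o365/",
    "https://x9y8z7.phish-kit.example/o365/",
    "https://q4w5e6.phish-kit.example/o365/",
    "https://www.benign.example/index.html",
]

def host_of(url):
    """Lower-cased hostname of a URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def exact_match(url, blocklist=EXACT_BLOCKLIST):
    """Classic check: only a hostname already seen verbatim is caught."""
    return host_of(url) in blocklist

def suffix_match(url, bases=BASE_BLOCKLIST):
    """Match the parent domain on a label boundary, so any subdomain is caught."""
    host = host_of(url)
    return any(host == b or host.endswith("." + b) for b in bases)

def subdomain_bursts(urls, threshold=3):
    """Parent domains observed with at least `threshold` distinct first labels."""
    seen = defaultdict(set)
    for url in urls:
        label, _, parent = host_of(url).partition(".")
        if parent:
            seen[parent].add(label)
    return {p: len(labels) for p, labels in seen.items() if len(labels) >= threshold}

if __name__ == "__main__":
    print("exact hits: ", sum(exact_match(u) for u in URLS))
    print("suffix hits:", sum(suffix_match(u) for u in URLS))
    print("bursts:     ", subdomain_bursts(URLS))
```

The burst count needs no prior blocklist entry, which is what makes it useful against freshly generated subdomains; on shared hosting parents it will need an allowlist.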