A new attack has been uncovered using a phishing kit that has an indestructible infrastructure due to its residence in the cloud.
In the majority of phishing schemes when the main server is taken down the main collection point is also removed, but with this kit the data collection space is hosted separately from the phishing websites, Imperva discovered.
Once a server is taken out, all hackers need to do with the cloud-based kit is to re-post the web front end in a new location.
Imperva explained this case is also interesting for its provenance and operation.
Created by two "master hackers", the phishing kit was posted on hacker forums. Those who used the kit then became part of the master hackers' "army", meaning all the data they acquired went back to the creators, who did not have to put in the hours implementing the attack.
The masters' underlings did not know a thing about their leaders' activities either and, depending on the country, the kit's creators will not have broken the law as they just wrote the software.
And as each of the subsidiary hackers has their own campaign, taking down numerous domains will not affect other schemes that report back to the master hackers.
One of the overlords claimed their kit has been downloaded 200,000 times, Imperva said, but this could be an exaggeration, according to the security company's chief technology officer Amichai Shulman.
"To some extent this is malware-as-a-service," Shulman told IT PRO, adding that the attack shows how hackers will abuse technologies people are widely using - in this case the cloud.
"This is definitely showing a shift from the normal models that we have seen so far regarding phishing," Shulman said.
It appears hackers are getting creative with phishing attacks. Cyber criminals recently created clones of the Verified by Visa and MasterCard SecureCode protection features to dupe online consumers.
