Fears over cyber crime tool that can build phishing pages in real-time

Threat actors installed the LogoKit toolkit on over 700 domains over the last month

Hooks on top of credit cards with a padlock in the background

Cyber criminals have created a new phishing toolkit that can create real-time realistic phishing pages to trick victims into entering their credentials.

According to a report from security researchers at RiskIQ, the phishing kit, dubbed LogoKit,  is fully modularized, allowing other threat actors to easily reuse and adapt it.

Related Resource

Employees behaving badly?

Why awareness training matters

Why awareness training matters - whitepaper from MimecastDownload now

Researchers said that unlike other phishing kits that take advantage of complex layouts and multiple files, the LogoKit family is an embeddable set of JavaScript functions. These kits interact within the Document Object Model (DOM), allowing the script to dynamically alter the visible content and HTML form data within a page without user interaction.

RiskIQ security researcher Adam Castleman said his company had observed more than 700 domains running with LogoKit. Targeted services range from generic login portals to false SharePoint portals, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchanges. RiskIQ has also observed attackers targeting several sectors, including financial, legal, and entertainment.

“Due to the simplicity of LogoKit, attackers can easily compromise sites and embed their script or host their own infrastructure. In some cases, attackers have been observed using legitimate object storage buckets, allowing them to appear less malicious by having users navigate to a known domain name, i.e., Google Firebase,” said Castleman.

Javvad Malik, security awareness advocate at KnowBe4, told ITPro this new attack shows how invested criminals are in phishing attacks

“With each iteration, we see new techniques put in place designed to fool users into believing an email or website is legitimate,” Malik said.

Malik added that while technical controls can help to block some of these, they won't be successful all of the time. 

“Which is why it's important to educate and train users to be able to identify and report any suspicious emails or websites. Organizations also need to have monitoring and threat detection controls in place so that if an attack is successful, then it can be detected and responded to in a timely manner before it becomes a full-blown incident,” he added.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Organizations warned of ransomware risk from smaller operators
ransomware

Organizations warned of ransomware risk from smaller operators

19 Oct 2021
Iranian hacking group continues to target US citizens
hacking

Iranian hacking group continues to target US citizens

18 Oct 2021
Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021
MirrorBlast phishing campaign targets financial companies
phishing

MirrorBlast phishing campaign targets financial companies

15 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021