In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK.
The popularity of the platform meant that at the time of the takedown, it boasted more than 2,000 criminal users, who had used it to deploy over 40,000 fraudulent sites leading to hundreds of thousands of victims worldwide. The platform offered a number of key benefits to its criminal clientele, including: The ability to obtain two-factor authentication (2FA) codes by proxying the connection to the phished organization using Adversary-in-the-Middle (AitM) techniques.
Read more…
Source: Trend Micro
Related:
- Cyber Firm at Center of Russian Hacking Charges Misread Data
March 21, 2017
An influential British think tank and Ukraine’s military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election. The CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s war with ...
- Personalized spam campaign targets Germany
March 20, 2017
A spam campaign Symantec observed in January 2017 targeting people who live in Germany appears to be, once again, using detailed, real personal information to enhance the believability of the messages. Victims who open the message attachments are likely to have their Windows computers infected with malware that steals banking information. First seen in the UK Symantec ...
- Cybercriminals getting as good as nation state spies – report
March 14, 2017
The European energy sector is being targeted by advanced threat actors seeking proprietary information to advance the capabilities of domestic companies, according to FireEye Mandiant. The latest annual report by FireEye’s incident response arm further warns that cyber threat groups are also targeting European industrial control systems for potentially disruptive or destructive operations. The capability of cybercriminals ...
- Fighting cyber crimes in offshore oil and gas industry
March 1, 2017
Cyber crime costs offshore oil and gas companies millions each year in lost business and damaged equipment, a cyber attack on critical infrastructure, such as an oil rig, can result in more than just lost revenue but it can be catastrophic for the environment and have far reaching impacts. However, cyber security on actual installations is ...
- New Global Cybersecurity Report Reveals Misaligned Incentives, Executive Overconfidence Create Advantages for Attacker
March 1, 2017
Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), today released “Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity,” a global report and survey revealing three categories of misaligned incentives: corporate structures versus the free flow of criminal enterprises; strategy versus implementation; and senior executives versus those in implementation ...
- Even bakeries get hit by hackers, top insurer warns ‘ill-equipped’ small businesses
February 27, 2017
Bakers are not immune from the hacking epidemic spreading across Europe, a top insurer has warned. Hiscox boss Bronek Masojada said small businesses faced just as much risk as large ones from cyber crime – but many did not have the resources to combat it. He said that in one case, a German bakery was targeted by ...