Press release Box-ID: 361673

Imperva Inc. 3400 Bridge Parkway, Suite 101 94065 Redwood Shores, CA, United States http://www.imperva.com
Contact Ms Darshna Kamani +44 20 7183 2834

Imperva finds master hacker who dupes thousands into phishing army

(PresseBox) ( Redwood Shores, CA, )
Imperva uncovered a new, automated, cloud-based phishing kit. Our Application Defense Center found this kit on a hacker forum.

This attack highlights an interesting twist: there's no honor among thieves. Two master hackers wrote a phishing kit and posted it on hacker forums. The irony is that anyone using this kit becomes an unknowing member of the master hacker's army. When hackers use this kit and deploy a successful phishing campaign, all the stolen credentials and information go straight back to the master hacker without the proxy hacker's knowledge. It's very clever. The master hacker never needs to conduct a campaign to see financial gain.

This next-gen phishing kit works like this:

- Two master hackers created a phishing kit that generates phishing sites as a service to other hackers.
- The master hacker publishes the kit on hacker forums and newsgroups.
- Low-level hackers use the kit to create the phishing sites and run numerous campaigns. The master hacker claims 200K+ downloads.
- The low-level hackers may see some success and may steal a few hundred credentials before their fake sites are shut down.
- The master hacker who created the kit now leverages their back door, harvesting all the credentials the proxy hackers managed to get, which translates into thousands of accounts. The master hacker doesn't do a thing and, depending on the country, hasn't technically broken any laws because all they did was write the software.
- Since new people create new phishing sites every day, with new campaigns, the master hacker's numbers just grow and grow and grow.

Unlike previous phishing kits that have been available for years, this new approach lives in the cloud and relies on hackers exploiting other hackers. And with the new cloud-based approach, the infrastructure for this phishing kit never goes away. Why? In traditional phishing schemes, when you take down a server you also take down the collection point, aka the command and control center. You may also be able to take down many domains set up by the same individual and severely affect the phishing campaign. In this campaign, taking down the "frontend" server does not impair the campaign, because the command and control center is in the cloud and stays up. What's more, each of the "subsidiaries" has its own campaign, so taking down a bunch of domains does not affect other campaigns that send data to the command and control center. (It's a little like whack-a-mole.)