Phishing as a service (PhaaS) has grown alarmingly, with over 17,500 domains targeting 316 brands in 74 countries, according to a recent report by Netcraft. The surge is due to the popularity of platforms like Lucid and Lighthouse, which facilitate large-scale phishing campaigns and template customization, and it reveals a complex ecosystem in which cybercriminals can operate more easily.
A problem for small and large businesses
Lucid, documented by the Swiss cybersecurity company PRODAFT, allows operators to send phishing messages via SMS using services like iMessage and RCS. Its advanced customization features let attackers design specific campaigns that require elaborate setup, so that only selected targets can access the fraudulent links.
This PhaaS activity is associated with a threat group known as XinXin, which collaborates with other actors such as LARVA-246. These groups have refined their tactics with more sophisticated attacks, such as creating fake domains that use Japanese Hiragana characters to deceive users, especially in the cryptocurrency sector.
Recently, a shift in the communication channels used for phishing has been documented. Following a 25% increase in credential harvesting over one month, a return to email as the primary means of collecting stolen data has been observed, moving away from platforms like Telegram. According to experts, this shift is due to the decentralized nature of email, which makes interventions more complicated.
Likewise, scammers have impersonated well-known American brands, such as Delta Airlines and Universal Studios, in schemes that request a cryptocurrency deposit, reflecting how cyber actors use modern tactics to scale economically motivated fraud. This trend suggests a constantly evolving environment in which cybersecurity faces significant challenges.