There is a new alert from the Microsoft 365 Defender Threat Intelligence Team, which has issued a warning about a dangerous new type of phishing attack called “Phishing as a Service (PhaaS)”, run by a criminal enterprise called BulletProofLink.
Microsoft has disclosed extensive details about the large-scale phishing operation, which came to light while it was investigating campaigns against businesses.
According to the research and investigation into BulletProofLink, the group uses tools, services and web pages that can be used to phish users.
Microsoft Warns Of Widespread ‘Phishing As A Service’ Attack Under Opening
BulletProofLink operates like a legitimate software business, offering a professional service on a subscription model. But according to Microsoft, BulletProofLink is engaged in the end-to-end development of tools to run different phishing campaigns. Researching the phishing attack, we found that the campaigns usually use a high volume of new websites, each with a unique subdomain: up to 300,000 in a single run. From their research into the campaign, the researchers concluded that the services include tools for creating false sign-in pages, credential distribution, and web hosting.
Usually, standard phishing kits offer email and site templates and require only a one-time payment. However, “Phishing As A Service”, or PhaaS, is a subscription-based model for offering these types of services.
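The high volume of unique subdomains described above is something a mail or proxy log can surface. The following is an added example, not code from Microsoft or from the original article: it counts distinct subdomains per parent domain in a list of URLs and flags domains above a threshold. The sample URLs, function names and threshold are constructed for illustration, and the parent domain is assumed to be the last two labels of the hostname.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: URLs extracted from inbound mail (all names are made up).
SAMPLE_URLS = [
    "https://a1b2c3.login-portal.example/signin",
    "https://d4e5f6.login-portal.example/signin",
    "https://0f9e8d.login-portal.example/signin",
    "https://7c6b5a.login-portal.example/signin",
    "https://www.vendor.example/invoice",
    "https://mail.vendor.example/inbox",
    "https://a1b2c3.login-portal.example/signin",  # repeat, must not double count
    "not a url",
]

def split_host(url):
    """Return (parent_domain, subdomain), or None if there is no usable host.

    Assumption: the parent domain is the last two labels. Production code
    should use the Public Suffix List so 'co.uk'-style suffixes are handled.
    """
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return None
    labels = host.split(".")
    # Skip bare domains, empty labels and dotted IPv4 addresses.
    if len(labels) < 3 or not all(labels) or labels[-1].isdigit():
        return None
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def subdomain_fanout(urls):
    """Map each parent domain to the set of distinct subdomains seen under it."""
    seen = defaultdict(set)
    for url in urls:
        parts = split_host(url)
        if parts:
            seen[parts[0]].add(parts[1])
    return seen

def flag_domains(urls, threshold):
    """Parent domains with >= threshold distinct subdomains, busiest first."""
    hits = [(d, len(s)) for d, s in subdomain_fanout(urls).items()
            if len(s) >= threshold]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    for domain, count in flag_domains(SAMPLE_URLS, threshold=3):
        print(f"{domain}: {count} unique subdomains")
```

A suitable threshold depends on the environment, since legitimate hosting and CDN domains also serve many subdomains and usually need an allow list.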
How BulletProofLink Is Using Phishing As A Service
BulletProofLink usually sets up websites with unique domains and subdomains that look authentic to the user. These are provided to different clients as a service, to harvest credentials from those users instead of distributing malware and ransomware. The operator also tries to keep a copy of the credentials that are entered into the pages and stolen through the campaigns, and resells them at a later stage.
It is worth noting that PhaaS groups may offer a great deal, from template creation and hosting to designing it as an authentic business model for their clientele, the Microsoft 365 Defender Threat Intelligence Team said.
Most phishing service providers host the links and pages, and attackers who pay for these services simply receive the stolen credentials later on. Unlike in ransomware operations, the attackers don’t gain access to devices directly and instead simply receive the untested stolen credentials.
The researchers from Microsoft dug deep into BulletProofLink’s templates, services and pricing structure; the operation has apparently been active since 2018. It maintains websites under aliases that include BulletProofLink and Anthrax, along with YouTube and Vimeo pages with instructional ads and content that are mostly hosted on external forums. Its main approach is to copy legitimate businesses, with a registration form, a sign-in form and an online store, which the attackers also use as fake marketing to advertise their own services for a monthly subscription fee.