The Lazy Man’s Guide to Phishing
By Lucas Ashbaugh
Laziness and sloppy work are the twenty-first century's newest business model, and for phishing actors it's a gold rush. The real winners from modern phishing have taken a chapter out of the entrepreneur's handbook: The Lean Startup. For them, phishing isn't about artisanal fraud and refined skills; it's about starting cheap, failing quickly, and getting their head back in the game. It's horrendously brilliant. In a world where SOCs are constantly grinding to block that IP, scan for that hash, disable macros, etc., automated solutions just can't keep up. When it comes to phishing, speed is king. At the Cofense™ Phishing Defense Center, threat analysts witness this sloppy and rushed business model day in and day out. And worse yet, they get the occasional glance at businesses who have failed to learn this same lesson.
Ironically, the last thing some criminals think of is cybersecurity; it's just not worth their time. It's no big deal if a phishing page gets taken down when it only takes an hour to prop up another one. This means that fraudsters often leave their servers completely open for anyone to execute code on, modify, or steal information from for their own purposes. Below is just one example of these enterprising criminals and the lax security they implement. This genius left his front door wide open: he left his database completely accessible, offered an interface to facilitate code execution, and left the rest of his toolbox open to the public.
But hey, what does it matter? This’ll all be taken down in a few days and propped up on a new compromised server later that same day. Then they’ll take aim at the same exact companies, and the whole cycle will start anew, doomed to repeat indefinitely. And in fact, with this site in particular, that has already happened. This site was first discovered and defended against on August eighth, then – only two days later – it was discovered back up and kicking but on a new TLD.
Yet, for whoever's running the phish, it's a lucrative cycle. With every reboot, the new phish hasn't been picked up by defensive tools yet, meaning these phishes aren't blocked and there are always a few employees who eventually fall for it. And that's where the real money is: when a phishing attempt successfully tricks the most gullible 1% of a company, they've achieved their goal. For these fraudsters, phishing is all about the low-hanging fruit. It's a low-effort, low-risk, high-reward market.
In fact, some criminals field such low-quality phishes that they forgo safeguarding the credentials they steal altogether. It's commonplace for criminals to take these credentials and simply post them in clear text to pages sitting on open directories. That leaves name-recognizable companies with their credentials sitting there, publicly accessible for all to see, and worse yet, these companies blatantly fail to notice. Cofense's Phishing Defense Center routinely stumbles across these lists of name-recognizable companies' accounts from cases where they failed to defend against these phishes, all while protecting its customers from falling for the same trap.
Unlike other slow-to-learn companies who insist on automated solutions, customers of Cofense Triage™, our phishing response platform, are able to dispatch a skilled analyst to explore suspect emails and phishes, investigating instances like these before it's too late. Without Cofense, users feel trapped in a 'black and white' situation: click or don't click. The Cofense Reporter™ button, however, gives them a third, safe route. Especially in a world where criminals have adopted the Lean Startup business model, companies need an adaptive and flexible defense strategy to match. And while a ton of tools claim to fit this need, bottom line – it takes a human to defend against a human. Otherwise, phishermen will continue to endlessly feast on the internet's low-hanging fruit.
All third-party trademarks referenced by Cofense whether in logo form, name form or product form, or otherwise, remain the property of their respective holders, and use of these trademarks in no way indicates any relationship between Cofense and the holders of the trademarks.