RSA Security recently announced the discovery of a new ?phishing kit? that enables novice cyber criminals with little to no computer skills to design and execute a sophisticated phishing attack (source). RSA discovered a demo version of the Universal Man-in-the-Middle Phishing Kit on an online forum used by cyber criminals and computer hackers.
Man-in-the-Middle
According to RSA Security, the Universal Man-in-the-Middle Phishing Kit simplifies the execution of a phishing attack and greatly increases it effectiveness. An aspiring cyber criminal only needs to register a domain name?preferably one that mimics a well known, legitimate web site. For example, cyber criminals intent on attacking PayPal customers have registered the domain name paypal-secure-login.com (source). Once this spurious domain is established, cyber criminals can configure the Universal Man-in-the-Middle Phishing Kit to direct traffic between the fake web site under the attackers control and the legitimate web site. In effect, the fake web site acts as a proxy to the legitimate one and, therefore, can intercept sensitive traffic, including login credentials and transaction information, between the targeted customer under attack and the legitimate web site.
The Universal Man-in-the-Middle Phishing Kit illustrates an escalation in skills and tactics by the cyber criminal underworld. Previous phishing attack kits, such as WebAttacker , establish a static malicious site that installs malware and potentially steal a targeted users? personal information. In comparison, the Universal-Man-in-Middle Phishing Kit can monitor all of the traffic between the targeted user and the legitimate web site by establishing the spoofed domain to intercept traffic between the user and the legitimate site. This technique allows the cyber criminal to defeat sophisticated security measures, such as two-factor authentication utilizing passwords and smart cards. As both authentication factors are passed to the legitimate web site, the spurious domain sits in the middle recording all the traffic. The intercepted data can be used to carry out various forms of cyber crime.
Lowered Barrier to Entry
The Universal Man-in-the-Middle Phishing Kit is available for $1,000 (source). WebAttacker, the early generation phishing kit, is still available for as little as $20. While these divergent prices points reflect varying degrees of sophistication in phishing kits, the net effect of these packaged tools is the decreased barrier to entry into the cyber criminal underworld. With these kits, aspiring cyber criminals no longer need to posses advanced technical and computer security skills to execute a phishing attack.
Thankfully, RSA Security has only detected the Universal Man-in-the-Middle in use in approximately one dozen attacks. However, this kit and other sophisticated kits like it will likely continue to be utilized, as phishing attacks have consistently proven a successful vector of attack.
