Phishing-as-a-Service (PhaaS) kits are gaining traction among cybercriminals, enabling advanced phishing attacks with minimal technical skill. A LevelBlue analysis covering mid-2024 indicates that over 70% of phishing incidents relate to Business Email Compromise (BEC), highlighting attackers' focus on accessing sensitive user information. The RaccoonO365 PhaaS kit poses a significant threat because it can intercept login credentials and MFA cookies, bypassing common security measures. Meanwhile, traditional malware families remain effective: a significant portion of attacks originate from well-known malware such as Cobalt Strike and Dark Comet, indicating a persistent reliance on established strategies within cybercrime.
The RaccoonO365 PhaaS kit is particularly concerning as it not only poses risks to user credentials but also circumvents multi-factor authentication, marking a significant shift in phishing tactics.
LevelBlue's analysis of a six-month period emphasizes that the accessibility of phishing tools like PhaaS kits is enabling even unskilled cybercriminals to launch effective attacks.