![]() ![]() ![]() In this blog, we will be providing details on the actions taken by the Robin Banks administrators following our publication on the platform, as well as diving deeper into the infrastructure behind the phishing kit and what our findings may signify in relation to the overall cybercriminal threat landscape. In the first blog – Robin Banks might be robbing your bank – we introduced the Robin Banks platform, which sells ready-made phishing kits to cybercriminals aiming to gain access to the financial information of the customers of well-known banks and online services. ![]() This is the second part of a two-part blog series on the Robin Banks phishing-as-a-service (PhaaS) platform uncovered by IronNet analysts in July 2022. Our analysis indicates the infrastructure of the Robin Banks phishing kit relies heavily on open-source code and off-the-shelf tooling, serving as a prime example of the lowering barrier-to-entry to not only conducting phishing attacks, but also to creating a PhaaS platform for others to use.After our initial publication, Robin Banks debuted a new cookie-stealing feature cybercriminals can purchase as an add-on to the phishing kit in order to bypass multi-factor authentication (MFA) in attacks.In response, Robin Banks administrators made several changes, including relocating its infrastructure to a notorious Russian provider and changing features of its kits to be more evasive. Following our reporting on Robin Banks in July, Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |