A sophisticated toolkit that enables the automatic generation of phishing attacks has been built to take advantage of cloud computing in a way not seen before.
The kit not only damages businesses and individuals by stealing private data, but it also pulls information right back to the two hackers who wrote the malicious software, bypassing any hackers who distribute the software, effectively using them as unaware middlemen, who cannot necessarily benefit from the phishing attacks.
The malicious genius of the software is that its creators can sit back and watch the stolen data pour in without having to run their own phishing attacks, as hackers from around the world who have begun sharing the kit, once it was distributed via a notorious forums, will be doing all of the work for them.
Security vendor Imperva says that over 200,000 copies of the software have already been downloaded and although the small phishing sites which take advantage of it will be shut down after harvesting information from a few hundred unsuspecting users, the reach could extend much further.
By basing the power of the phishing kit in cloud computing the hackers have created a data theft network that will be almost impossible to eradicate, because there is no central server controlling the whole show. Instead thousands of individual hackers are all exploiting one another and constantly feeding data to the original creators, according to Imperva’s Amichai Shulman.
Authorities will be able to target individual phishing campaigns based on the new toolkit, but the eradication of a single campaign will not impact upon the dozens of others that are still up and running and so it could be the case that a running battle is fought well into the future, according to Mr Shulman.
Basing a phishing toolkit on the cloud computing model is certainly sensible from the twisted point of view of the hackers and ideally it will continue to generate new campaigns and harvest data for its creators. This could signal the dawn of a new era in the fight for data security.
