
Fraudulent communications impersonating banks, telecom operators or even electricity supply companies are at an all-time high. These communications, mostly pushed in the form of emails and messages, appear to come from a reputable source but aim to steal sensitive data like credit card and login information. As phishing cases are on the rise, Anshuman Sharma, Associate Director CSIRT & Investigative Response, APJ, Verizon Business, talks to Business Today about the rise of phishing kits in India and how one can tackle such attacks. Edited excerpts:
BT: How common are phishing kits in India?
AS: Automating the tasks is one of the key things that cyber-criminals look forward to. Phishing kits give threat actors the ability to deploy effective phishing pages regardless of their skill level. Therefore, leveraging phishing kits for webpage development, administration, capturing, and submission of the credentials and session tokens/OTP is made easy. India is no exception when it comes to social engineering attacks, and phishing kits are one of the most common methods deployed by the threat actors. As many organisations have moved to cloud-based email solutions, leveraging phishing kits helps the bad guys to carry out a man-in-the-middle attack.
BT: Where do hackers obtain them from?
AS: Phishing kits are available for sale in many cybercrime forums, hacker forums, and the dark web. For example, a sophisticated PHP-based phishing toolkit dubbed ‘NakedPages’ was put up for sale on cybercrime forums a few months back. CERT-GIB (Group-IB’s Computer Emergency Response Team) identified 3,677 unique phishing kits in 2022, 25% more than in 2021, which clearly shows the easy availability of these kits.
BT: Which sectors are targeted the most?
AS: As per the Verizon DBIR 2023 report, 74% of all breaches include the human element, through Error, Privilege Misuse, Use of stolen credentials, or Social Engineering. Social Engineering (including phishing) accounts for 17% of breaches and 10% of incidents. Although every sector is a target, typical sectors that are targeted include retail, financial, informational, public sector, and accommodation & food services.
BT: How can enterprises and consumers protect themselves?
AS: The most effective way in which organisations can protect themselves is to stay informed and knowledgeable via active threat intelligence. Providing periodic and ongoing education to users, such as refraining from opening any attachments or clicking on any links in emails that they have not requested, even if the sender appears familiar to you. If the email is unexpected, be cautious when opening any attachments and double-check the URL. Organisations must invest in AI-based protection from phishing and business email compromise to outsmart targeted attacks with AI-based threat detection.
Copyright©2025 Living Media India Limited. For reprint rights: Syndications Today