The phishing-as-a-service platform 16shop was taken down on 8 August as part of a global investigation led by Interpol. Law enforcement arrested a 21-year-old Indonesian man accused of administering the platform, along with two other individuals involved in its operation: one in Indonesia and one in Japan. The police also confiscated electronic devices and several luxury items belonging to the suspects.
According to a report from cybersecurity firm Group-IB, which was involved in the takedown, 16shop hacking tools had been traded on cybercriminal underground forums since at least November 2017 and were sold to more than 70,000 users in 43 countries. These tools helped hackers deceive internet users through email scams and exploit their personal or banking information to extract money.
Phishing kits were designed to steal credentials and payment details from users of popular services such as Apple, PayPal, American Express, Amazon, and Cash App. They were sold at a relatively modest cost, ranging from $60 to $150, depending on the targeted brand. The Amazon kit, for example, was nearly $90 cheaper than the American Express kit.[1]
More than 150,000 phishing domains have been created using 16shop phishing kits, according to an analysis by Group-IB, which is based in Singapore. The platform’s customers targeted users in Germany, Japan, France, the US, the UK, Thailand, and other countries. Although the suspects lived in Asia, 16shop’s servers were hosted by a company based in the US.
Phishing-as-a-service tools are particularly dangerous because they automate cyberattacks, allowing “any person to leverage this type of service to launch a phishing attack with a few clicks,” Interpol said in a statement. Even cyber criminals with modest programming skills can deploy phishing pages quickly and in large numbers with the help of phishing-as-a-service kits, Group-IB said.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632
[1] https://therecord.media/phishing-as-a-service-platform-taken-down-16shop-interpol
Comments