One of the most used Phishing-as-a-Service (PhaaS) platforms, LabHost, has been closed by an international group of law enforcement authorities coordinated by Europol. London's Metropolitan Police have been working with Europol on an operation to infiltrate and close down a website used by more than 2,000 criminals to defraud victims worldwide in their latest joint operation to tackle large-scale online fraud. Now, 37 suspects have been arrested as part of the international operation led by Europol, including the original developer of the LabHost service, and the LabHost platform is no longer available. This is the second major blow to cybercrime following the takedown of Lockbit, another 'managed service' cybercrime operator, in February 2024.
See: https://redskyalliance.org/xindustry/lockbit-ransomware-takedown-hurts-their-brand
Cybercriminals who subscribed to LabHost were sent personalized 90-second “LabHost Wrapped” videos informing them of the takedown operation as well as recording key evidence against them gathered by law enforcement, including:
- When the individual first subscribed to LabHost.
- How long they’ve been a subscriber?
- How much they’ve paid to LabHost?
- The number of IP addresses they’ve used to access LabHost
- The domains they’ve used
- The various countries and organizations they have targeted
LabHost is believed to have obtained 480,000 card numbers, 64,000 PINs, and nearly one million account passwords.
The cyber security company Fortra has closely monitored LabHost in recent years and claims to have mitigated tens of thousands of phishing attacks by cyber criminals using the platform. Michael Tyler, Senior Director of Security Operations at Fortra's Phish Labs unit, commented, “The closing of LabHost by international law enforcement is sending shockwaves through the Phishing as a Service ecosystem... In addition to the high-profile arrests of LabHost operators, Fortra Threat Intelligence https://forta.org is observing other PaaS platforms competing with LabHost experiencing service instability and suspending their communications and support channels."
LabHost was established in 2021 and quickly gained a criminal user base. By 2024, it was operating, more than 40,000 fraudulent sites had been created, and 2,000 users were registered and paying a monthly subscription fee of between US$250 and US$350, many of whom law enforcement officers can now identify.
The extent of the data collected by this operation is remarkable. Forta expects many arrests as law enforcement uses this data to uncover the criminals' real-world identities. Some have already been arrested, while others are now the focus of the ongoing investigation.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
Comments