Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
A new phishing-as-a-service platform by the name of Caffeine has just made it easier for threat actors to engage in attacks.
An open registration process allows anyone to set up an account, buy a monthly subscription, and start their own phishing campaigns.
Main Caffeine log in screen – Source
What Does PaaS Mean Exactly
As we know, software as a service or briefly SaaS is a business model that provides access to applications over the internet or cloud, and it comes as an alternative to buying and installing software locally. However, it wasn`t long before this principle surfaced among threat actors, in the shape of malware as a Service (MaaS) or ransomware-as-a-Service (RaaS).
Phishing-as-a-service is different from traditional phishing kits, which are sold as one-time payments to gain access to packaged files with ready-to-use email templates. PaaS is subscription-based and follows a software-as-a-service model, while also expanding on the capabilities to include built-in site hosting, email delivery, and credential theft, according to The Hacker News.
What Makes Caffeine Dangerous
Mandiant`s cybersecurity analysts first discovered Caffeine after investigating a large-scale phishing campaign aimed at Microsoft 365 account credentials.
This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns.
One aspect that makes Caffeine different from other PaaS platforms, is that it does not require invites or referrals. Its open registration process allows anyone with an email to access their services, for a monthly subscription ranging between $250 a month (Basic), $450 for three months (Professional), or $850 for a six-month license (Enterprise).
Another distinction between Caffeine and most PaaS is that its phishing templates target Russian and Chinese platforms, whereas the latter tend to focus on Western services.
Some of the advanced features offered by Caffeine include:
- Mechanisms to customize dynamic URL schemas.
- First-stage campaign redirect pages and final lure pages.
- IP blocklisting options for geo-blocking, CIDR range-based blocking, etc.
As per The Hacker News` article, it seems the ultimate goal of the phishing campaign is to facilitate the theft of Microsoft 365 credentials. However, based on customer demand, additional login page formats could be introduced in the future.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.
