Recently unearthed by security researchers, a new, criminal ‘phishing-as-a-service‘ (PhaaS) platform has been identified. This phishing platform, called Caffeine, is unique in its broad accessibility. Anyone with an email can create an account, choosing from three different subscriptions: $250 a month (Basic), $450 for three months (Professional), or $850 for six months (Enterprise).
These paid subscriptions are required to access the vast amount of features the cybercriminal platform boasts. These features include customized phishing kits, campaign success tracking tools, management of redirect pages, tools to configure attacks, and generation of dynamic URLs that host payloads. Researchers also discovered templates earmarked for use against Russian or Chinese targets.
Caffeine particularly stands out in the sea of tools that cybercriminals can potentially use to target victims. These criminals often find these phishing resources in underground forums, encrypted messaging apps, or through platforms similar to Caffeine that require referrals from other users. Caffeine cuts out this underground element entirely. The platform is lowering the barrier to entry for cybercriminals by allowing literally anyone with an email to access these nefarious tools.
Additionally, researchers noted that creating an account required no disclosure of information or external validation methods, which is typical with other phishing platforms, making Caffeine far more unique than other platforms. The developers of this platform continue to make it readily accessible through several updates, including increasing the number of cryptocurrencies accepted, feature updates, and more.
In conclusion, this new platform poses a huge security risk, as the intuitive interface, low cost, and multitude of features truly allow anyone on the Internet to begin their cybercriminal career.
Security researchers made several recommendations to help protect against falling victim to phishing scams. These tips include implementation of two factor authentication, the use of behavioral analytics for web log analysis to include initial URL structure, form submissions and redirections, and the periodic evaluation of public facing web-infrastructure and files against known legitimate versions of the content.
“Traditional phishing techniques continue to be a reliable Initial Intrusion Vector for cyberattacks, and, as demonstrated by the Caffeine PhaaS platform, the tools to conduct full-fledged enterprise-level phishing campaigns are cheap to acquire, simple to use, and readily available to adversaries,” concluded Mandiant researchers.