Phishing-as-a-Service (PhaaS) kits are becoming increasingly popular among cybercriminals. They allow malicious actors to conduct sophisticated phishing attacks without technical knowledge.
An analysis by LevelBlue covering June 2024 through November 2024 shows that the popularity of PhaaS is increasing. This is partly explained by the accessibility of these phishing tools, which give cybercriminals tools that are instantly ready to attack companies and individuals. The RaccoonO365 PhaaS kit is a growing threat, which can intercept login credentials and multi-factor authentication (MFA) session cookies. This allows the PhaaS kit to bypass the most commonly used defence mechanisms.
According to the dataset analyzed, Business Email Compromise (BEC) is still the most common form of attack. More than 70 percent of the incidents investigated by LevelBlue involved BEC attacks. These attacks target the end user, typically with the goal of obtaining more information or access.
Known malware remains effective
The study shows that five well-known malware families—Cobalt Strike, Dark Comet, SocGholish, GootLoader, and Lumma Stealer—are responsible for more than 60 percent of all malware attacks observed. According to LevelBlue, this confirms that hackers are still successful with old campaigns. For example, Dark Comet has been active for more than 15 years and has evolved over the years.