In 2024, phishing attacks continue to be one of the most insidious threats in the cyber security landscape. With increasingly sophisticated techniques and advanced tools, cyber criminals are able to deceive users and companies, stealing sensitive information and causing significant damage. Below is a technical analysis of the six main phishing tools used this year and recommendations to protect organisations from such attacks.
Phishing: the most popular tools in 2024
1. Social Engineer Toolkit (SET)
A comprehensive suite for social engineering attacks. It is written in Python and offers a wide range of attacks, including phishing attacks based on cloned web pages. SET exploits spoofing and human behaviour manipulation techniques, allowing the creation of fake login pages similar to legitimate ones. Attacks can be directed via e-mail or via the web browser.
2. SocialFish
An open-source phishing tool that allows the creation of fake web pages for collecting credentials. Written in Python, the tool is often used for targeted spear-phishing attacks and includes features such as real-time monitoring of victims. Once a phishing page has been created, SocialFish sends the stolen credentials directly to the attacker’s server.
3. Evilginx2
An advanced phishing tool based on man-in-the-middle (MitM) attacks. Instead of simply cloning a login page, Evilginx2 intercepts communications between the user and the legitimate server, collecting session tokens, passwords and authentication information. This allows the attacker to bypass two-factor authentication (2FA) as well.
4. I-See-You
A phishing tool that combines social engineering techniques with victim location tracking. Using a simple URL-based interface, the attacker can obtain the real-time geographic location of a victim who clicks on a specific link. This tool can be used to prepare more targeted attacks.
5. SayCheese
SayCheese is a phishing tool that exploits vulnerabilities in browsers to access the victim’s camera without the victim’s consent. The attacker sends a link and, if the victim opens it, the tool captures images from the device’s camera, exploiting insecure permissions.
6. OhMyQR
OhMyQR is a tool that generates QR codes to perform phishing attacks. Often used in combination with other tools, such as SocialFish, OhMyQR allows phishing URLs to be hidden inside QR codes. When the victim scans the code, they are redirected to a fraudulent page.
Recommendations
To mitigate the risk of phishing attacks in 2024, it is crucial to adopt a multi-layered security approach, including the following measures:
- 24/7 monitoring and response systems: MDR systems monitor the entire corporate IT infrastructure around the clock, detecting suspicious activity and responding to attacks in real time.
- Multi-factor authentication (MFA): Implement MFA on all critical systems to reduce the possibility of stolen credentials being sufficient to gain access.
- Employee education: regularly train employees on how to recognise and report suspicious emails and links, including bogus login pages and malicious QR codes.
- Protecting web connections: ensure that all company websites use HTTPS and that security solutions, such as firewalls and intrusion detection systems (IDS), are updated to detect and block known attacks.
- Monitoring access sessions: check logs regularly for suspicious activity, such as access from unusual locations or phishing relay attempts.
- Use of authentication hardware: Implement hardware-based authentication, such as security tokens, to secure sessions and prevent man-in-the-middle (MitM) attacks.
- Blocking unauthorised access to devices: strengthen device security by restricting access to sensitive hardware features such as cameras and geolocation.
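One way to implement the session-log check recommended above, aimed at the session-token theft described for Evilginx2. This is an added example, not part of the original analysis; the JSON log format, the field names and the sample events are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events (not real logs); field names are assumptions.
SAMPLE_LOG = """\
{"ts":"2024-05-02T08:01:10","user":"alice","session":"s-1001","ip":"198.51.100.10","country":"IT","ua":"Firefox/125"}
{"ts":"2024-05-02T08:03:00","user":"alice","session":"s-1001","ip":"198.51.100.10","country":"IT","ua":"Firefox/125"}
{"ts":"2024-05-02T08:04:30","user":"alice","session":"s-1001","ip":"203.0.113.77","country":"NL","ua":"Chrome/124"}
{"ts":"2024-05-02T09:00:00","user":"bob","session":"s-2002","ip":"192.0.2.5","country":"IT","ua":"Chrome/124"}
{"ts":"2024-05-02T09:10:00","user":"bob","session":"s-2002","ip":"192.0.2.9","country":"IT","ua":"Chrome/124"}
truncated or malformed line
"""

REQUIRED = ("ts", "user", "session", "ip", "country", "ua")

def parse_events(text):
    """Return well-formed events sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            ev = {k: ev[k] for k in REQUIRED}
            ev["ts"] = datetime.fromisoformat(ev["ts"])
        except (ValueError, KeyError, TypeError):
            continue
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def find_session_anomalies(events, window=timedelta(hours=1)):
    """Flag a session ID reused from a new IP together with a new country or user agent."""
    first_seen, alerts = {}, []
    for ev in events:
        origin = first_seen.setdefault(ev["session"], ev)
        if ev is origin or ev["ip"] == origin["ip"]:
            continue
        reasons = [name for name, key in (("country_change", "country"),
                                          ("user_agent_change", "ua"))
                   if ev[key] != origin[key]]
        # An IP change alone (e.g. mobile roaming) is not enough to alert.
        if reasons and ev["ts"] - origin["ts"] <= window:
            alerts.append({"session": ev["session"], "user": ev["user"],
                           "origin_ip": origin["ip"], "new_ip": ev["ip"],
                           "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in find_session_anomalies(parse_events(SAMPLE_LOG)):
        print(alert)
```

On the sample data only alice's session is flagged; bob's IP change within the same country and browser is treated as benign.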
In conclusion…
The use of these advanced tools by attackers requires a multi-layered security strategy, combining prevention, detection and response technologies. It is essential to implement strong authentication solutions, educate users about the risks of phishing, and continuously monitor networks for suspicious activity.
Only with proactive protection can the risks associated with phishing attacks in 2024 be mitigated.
Analysis by Vasily Kononov – Threat Intelligence Lead, CYBEROO