![]() The phishing source site can be something as simple as one function: This creates yet another layer of evasion from the detection tools. The attacker will not just send the site’s URL directly to the victim – they would create another site, either with its own domain or with a compromised one, employing multiple functions and loops (usually implemented using base64) to redirect the victim to the actual phishing site. As a result, the regular function names are replaced by random numbers and letters, creating an array of loops to confuse the detection tools and pass the defense, eventually reaching the victim. When those are ready, the attacker obfuscates JavaScript to scramble the code. Then the source code and the functions are written, just like for any other website. Sidenote: this task is typically performed using a phishing kit, but we will be looking at the manual process.įirst, a regular phishing site with a common login (Office 365, for example) is built. Let’s see how the attacker creates an obfuscated redirection site. The most common method to do so is JavaScript obfuscation: the code of a phishing attack is made obscure and unintelligible so it cannot be read easily. This includes using an obfuscated redirection site whose sole purpose is to redirect the user to the actual phishing site while avoiding detection. One of the strategies the attackers use to elevate the complexity of a phishing site and evade detection by existing organizational mechanisms is obfuscation of the phishing site code. For this reason, securing Microsoft Office 365 has become harder. The detection tools have evolved and become more sophisticated, but so have the phishing creators. Those phishing sites used to be easy to recognize: the simple behind-the-scenes code would reveal the site’s identity, functions, information delivery methods and where the data was being sent to. We’ve all experienced the typical phishing site where the attacker asks that you enter your credentials while the sketchy Microsoft logo on top of the page makes you feel comfortable doing so.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |