border-home1

The Internet's Oldest Scam, Now Open Source

So, how do attackers actually break into a network? If you look closely, the answer is usually the same. Stolen credentials.

Credential theft remains one of the most common and effective ways attackers gain access today, and phishing plays a huge role in making that happen. But let’s rewind a bit before we get ahead of ourselves.

 

 

Phishing attack diagram

 

 

In the beginning, there was phishing

 

Phishing has been around since the very early days of the internet. In fact, one of the first well-known phishing attacks dates all the way back to 1996 and targeted AOL. That might sound surprising, but when you think about it, it makes perfect sense. Social engineering has always been easier than breaking systems directly.

 

Those early campaigns relied on a phishing kit with a very fitting name: AOHell. It gave attackers the ability to take over user accounts and pretty much do whatever they wanted. Even more interesting, it included a very basic form of automation that could automatically respond to AOL messages however the attacker configured it.

 

The goal back then was simple: steal accounts. This was the so-called “script kiddie” era of hacking. The damage was mostly annoying rather than financially devastating, but it was still disruptive. AOL eventually shut this down by blocking users from creating unlimited accounts using random credit card numbers, which was the loophole attackers were exploiting.

 

 

Where is phishing today?

 

If all of this sounds familiar, that’s because phishing has not fundamentally changed all that much. Credential abuse is still one of the most effective techniques attackers use to get into modern environments. Phishing and credential theft go hand in hand, and one often enables the other.

 

At its core, phishing still has two main goals. Either it delivers a payload to an endpoint, or it captures credentials that can later be used for full end-to-end, identity-based attacks. In many ways, we are dealing with the same problem today that existed back in 1996, just on a much larger and more automated scale.

 

Phishing kits are a big reason why this continues to work. While they are far more sophisticated than they used to be, they remain one of the primary ways phishing campaigns are executed today.

 

 

Modern phishing tools

 

 

Open source makes phishing easier than ever

 

Open-source tooling has made phishing more accessible than ever before. Kits like Gophish and Zphisher make launching a phishing campaign almost trivial. Interestingly, many defenders use these exact same tools to simulate attacks and test their users.

 

These kits come packed with customizable templates, landing pages, and large libraries designed to mimic popular services. They make it easy to send convincing emails, track campaigns, see which messages were opened, capture credentials, and manage the entire attack lifecycle with minimal effort.

 

Over the past couple of years, phishing has arguably been more effective than ransomware from an attacker’s point of view. It is cheap, scalable, and consistently successful, which explains why it continues to be such a persistent and growing problem.

Tags:
border-home1