Security experts have discovered a new, highly automated phishing-as-a-service (PhaaS) platform that has been streamlining large-scale credential theft across 90 countries for several months.
KnowBe4, which discovered the phishing kit in early August, christened it “Quantum Route Redirect.”
“Quantum Route Redirect is an advanced automation platform that streamlines the entire phishing campaign process, from traffic rerouting to victim tracking. Our security researchers have identified approximately 1000 domains currently hosting this tool,” the vendor explained.
“The tool’s sophistication lies in its simplicity. The kit comes with a preconfigured setup that removes the technical expertise needed to launch such a sophisticated phishing campaign – which in turn can increase the volume of advanced phishing attacks targeting organizations globally.”
The PhaaS platform is able to distinguish between security tools and users – sending the former to legitimate websites and the latter to the phishing version. This helps it defeat URL scanning and some web application firewall products, KnowBe4 said.
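The cloaking described above works because the redirector answers the same URL differently depending on who asks. That makes it detectable: fetch a suspicious link under several client profiles and compare where each one lands. The following differential probe is an added example written for this article, not KnowBe4's tooling or anything from the kit; the profile names, the `.example` hostnames and the `simulated_fetch` responses are constructed so the demo runs offline, while `live_fetch` shows the same check against a real link using only the standard library.

```python
"""Differential probing for cloaked phishing links (added example)."""
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List
from urllib.parse import urlparse


@dataclass(frozen=True)
class Profile:
    """How the probe presents itself to the link's server."""
    name: str
    user_agent: str
    accept_language: str


# Assumed profiles: one that looks like a real user, two that look like tooling.
PROFILES: List[Profile] = [
    Profile("browser", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
            "(KHTML, like Gecko) Chrome/120.0 Safari/537.36", "en-US,en;q=0.9"),
    Profile("script", "python-urllib/3", "*"),
    Profile("crawler", "Mozilla/5.0 (compatible; ExampleSecurityBot/1.0)", "en"),
]


@dataclass(frozen=True)
class Landing:
    """Where a fetch ended up after following redirects."""
    final_url: str
    status: int
    has_password_field: bool


Fetcher = Callable[[str, Profile], Landing]

_PASSWORD_RE = re.compile(r"<input[^>]+type=[\"']?password", re.IGNORECASE)


def live_fetch(url: str, profile: Profile, timeout: float = 10.0) -> Landing:
    """Follow redirects with the standard library, presenting the given profile.
    Not used by the offline demo; run it only from an isolated analysis host."""
    req = urllib.request.Request(url, headers={
        "User-Agent": profile.user_agent,
        "Accept-Language": profile.accept_language,
    })
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read(512_000).decode("utf-8", errors="replace")
            return Landing(resp.geturl(), resp.status, bool(_PASSWORD_RE.search(body)))
    except urllib.error.HTTPError as err:  # 4xx/5xx is still a landing worth recording
        return Landing(err.geturl(), err.code, False)


def hostname(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def assess(url: str, fetch: Fetcher, profiles: List[Profile] = PROFILES) -> dict:
    """Fetch `url` once per profile and report whether the landings diverge."""
    landings: Dict[str, Landing] = {p.name: fetch(url, p) for p in profiles}
    hosts = {name: hostname(land.final_url) for name, land in landings.items()}
    reasons: List[str] = []
    # Signal 1: different client profiles end up on different hosts.
    if len(set(hosts.values())) > 1:
        reasons.append("final host differs by client profile: "
                       + ", ".join(f"{n}={h}" for n, h in sorted(hosts.items())))
    # Signal 2: a credential form is served to some profiles but not others.
    cred = {name for name, land in landings.items() if land.has_password_field}
    if cred and cred != set(landings):
        reasons.append("credential form shown only to: " + ", ".join(sorted(cred)))
    verdict = "cloaking_suspected" if reasons else "consistent"
    return {"url": url, "verdict": verdict, "reasons": reasons, "hosts": hosts}


def simulated_fetch(url: str, profile: Profile) -> Landing:
    """Constructed stand-in for the network: one cloaked redirector, one plain link."""
    if hostname(url) == "redirector.example":  # constructed cloaked link
        if profile.name == "browser":
            return Landing("https://login-portal.example/m365/signin", 200, True)
        return Landing("https://legitimate-site.example/", 200, False)
    return Landing("https://docs.example/share/123", 200, False)  # constructed benign link


if __name__ == "__main__":
    for link in ("https://redirector.example/track?id=abc", "https://docs.example/share/123"):
        print(assess(link, simulated_fetch))
```

Divergence is a signal, not proof: legitimate sites also vary by language or region, and a redirector may key on source IP reputation rather than headers, so probe from an egress the kit has not already fingerprinted and treat a browser-only credential form as the stronger of the two indicators.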
It also offers handy features that help less technically minded cybercriminals, such as:
- A configuration panel to manage redirect rules, settings and routing logic
- Monitoring dashboards to view analytics including traffic data
- Intelligent traffic routing to automatically sort visitors
- An analytics dashboard that includes victim location, device type and browser information
The platform also offers cybercriminals a variety of themes with which to tailor their phishing emails. These include Docusign and similar, payroll impersonation, payment notification emails, missed voicemail messages and QR codes (quishing).
All of these phishing messages have the same end goal – to push victims to a Microsoft 365 credential harvesting page.
Since the platform was discovered several months ago, 76% of victims have come from the US.
Tips For Network Defenders
KnowBe4 urged security teams to adopt a multi-layered defense strategy that combines some or all of the following:
- Natural language processing (NLP) and natural language understanding to analyze the content of an email message
- URL (and other payload) analysis, domain analysis, impersonation detection and polymorphic detection
- Sandboxing to inspect emails
- Continuous monitoring for potential account compromise
- A human risk management (HRM) platform featuring deep behavioral analytics, product telemetry and threat intelligence capable of generating risk scores for each user. This information can be used to support personalized training
- Email threat intelligence to inform company-wide education
- Rapid incident response policies/procedures to isolate compromised users, block access and perform digital forensics
“Reviewing the organization’s current tech stack and making any necessary adjustments now will help cybersecurity teams to stay ahead of attacks that leverage this technology, as well as whatever the next wave of emerging attacks will also hold,” KnowBe4 concluded.
