Don’t Risk Getting Caught by Kr3pto Phishing Kits

by Jim Black on April 26, 2021

Akamai’s threat research team recently published a report showing that a new phishing toolkit named Kr3pto was targeting UK banking customers. A phishing kit is an all-in-one software package that lets just about anyone create and launch phishing attacks designed to steal user data by posing as a trusted entity. In the past, attackers needed to clone the target site, but now kits have evolved to include the decoy, making phishing attacks easier to replicate.

One fairly consistent aspect of phishing kits is that they are used across multiple domains in quick succession, with each domain being active only for a very short period. For example, between the start of December 2020 and the first week of April 2021, the Kr3pto toolkit was observed across more than 4,500 domains. This data is based on an analysis of global traffic from the Akamai Intelligent Edge Platform.

Phishing attacks have an extremely short life span. From the time the threat becomes active in the wild to the point it is deprecated by the attackers or taken down by security teams, just hours — or even just minutes — have passed.

The process of security vendors detecting new malicious phishing URLs, adding them to threat block lists, and distributing updates to customers can take many hours. Until the lists are refreshed, organizations and their employees are exposed to fast-moving phishing campaigns. To eliminate this security gap, you need to invest in additional layers of real-time phishing detection that do not rely solely on block lists.

Akamai’s cloud-delivered secure web gateway Enterprise Threat Protector, is designed to provide zero-day protection against the latest phishing pages built with toolkits. Malicious requests are stopped in real time at the point of request — even if the page has never been seen before — minimizing the risk of exposure between when new campaigns are launched and when they are added to block lists.