Cybersecurity Threat Advisory: BulletProofLink Makes Cyberattacks Easier

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week there is a new critical alert that requires the mission-critical community’s immediate attention.

Advisory Overview

Microsoft recently released the results of its deep-dive analysis into BulletProofLink, a large-scale phishing-as-a-service (PHaaS) operation that follows a software-as-a-service (SaaS) business model. This model enables cyberattackers to purchase phishing kits and email templates, in addition to hosting and automated services, for a low monthly cost. This further enables them to conduct phishing attacks with minimal effort.

What Is the Threat?

BulletProofLink, also referred to as BulletProftLink and Anthrax by its operators in various promotional materials, is used by numerous cyberattack groups for its phishing kits and email templates, as well as low-cost, subscription-based phishing services, including hosting and automation. This subscription-based model streamlines the ability to conduct cyberattacks. BulletProofLink also is known to proliferate the technique of “double theft,” a method by which stolen credentials are sent to both the PHaaS operator and the cyberattacker. Double theft results in monetization of credential theft on multiple fronts and exposes victims to potentially numerous exploitations.

Why Is it Noteworthy?

With more than 300,000 subdomains and 100 available phishing templates that mimic popular brands and services, BulletProofLink is responsible for many of the phishing campaigns that are impacting organizations today. PHaaS differs from traditional phishing kits — which are sold in one-time transactions — in that it follows a SaaS model, providing subscription-based services that support cyberattackers in site hosting, email delivery, and credential theft.

Phishing attacks are among the most difficult threats to protect against; even in organizations that deploy technical security measures, the success or failure of an attack often depends on an individual user’s security awareness. A single user with poor security awareness can compromise an entire organization comprised of otherwise security-aware users by accidentally engaging with a phishing communication, leading to credential theft or malware being deployed in the organization’s environment. As PHaaS becomes more prevalent, phishing attacks may become more common, leading to more opportunities for compromise.

What is the Risk?

Any organization that provides employees with email accounts and access to online resources may become subject to a phishing attack — this includes organizations with email protection, endpoint protection, domain restriction, and other technical security measures. A user without proper security-awareness training is particularly susceptible to phishing attacks, exposing not only themselves to compromise, but their associates and their organization, too.

What are the Recommendations?

Technical security measures and user training both play an important part in protecting an organization from a successful phishing attack. MCP recommends the following actions:

• Implement email protection in your organization’s email environment. An anti-phishing service can warn users of suspicious communications in their inboxes and prevent them from interacting with content that has a high confidence of being malicious.
• Maintain a culture of high user awareness. Technical solutions like email protection are only part of the equation in protecting your organization from successful phishing attacks. Users should be trained to notice the telltale signs of phishing, such as misspellings and grammatical errors in official-looking emails, links to strange domains, and requests for personal information from unknown senders. Regular security-awareness training and reminders to be on the lookout for malicious communications can keep users alert to potential threats in their inbox.
• Consider investing in a phishing-awareness training platform. Phishing awareness training can help your organization assess and reduce its employees’ susceptibility to phishing attacks by providing continuous simulation and security training.
• For a more intense solution, restrict access to unauthorized domains and implement endpoint protection on work computers to prevent users from interacting with malicious content in phishing attempts. Though this measure is effective, users still may expose the organization to compromise if users are able to access work resources on their own unrestricted devices.
• Instruct employees to use unique credentials among their various accounts. In case of credential theft, having unique credentials will limit the extent of compromised accounts and necessary mitigation efforts required after a successful phishing attack.

References

For more in-depth information about the recommendations, please visit the following links:

• https://thehackernews.com/2021/09/microsoft-warns-of-wide-scale-phishing.html
• https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/
• https://osint.fans/bulletproftlink-phishing-service-p1

If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety and justice entities and other critical infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.