Multi-layered phishing intrusions could be more easily deployed by less experienced threat actors with the new sophisticated FishXProxy phishing kit, which has been promoted across the hacking forums, reports SiliconAngle.
Aside from having a straightforward interface and a highly configurable antibot system allowing automated scanner and researcher filtering, FishXProxy also bolsters the legitimacy of phishing sites by exploiting Cloudflare Workers and SSL certificates, according to an analysis from SlashNext. Phishing links are also obscured by FishXProxy through a built-in redirector, said researchers, who also discovered the phishing kit's automated link expiration functionality. Such a development should prompt the implementation of more robust phishing security training and systems among organizations, noted HoxHunt Oy co-founder and CEO Mika Aalto. "As more phishing attacks consequently bypass filters, we need to make sure our people are equipped with the skills and tools to keep themselves and their colleagues safe. Even advanced attacks will trigger a mental alarm in the upskilled human defense layer," said Aalto.
