The Ukrainian Cyber-police, in coordination with the FBI and Australian law enforcement, conducted an operation that ended with the arrest of the author of the world’s largest phishing service. U-Admin is a phishing toolkit responsible for over 50% of phishing attacks in Australia in 2019, and it was used to attack financial institutions in multiple countries. The toolkit makes fake login web pages that steal victim credentials and can even capture two-factor authentication codes. The 39-year-old Ukrainian man is believed to have sold U-Admin on the Dark Web, in addition to providing technical support during phishing attacks, and now faces up to six years in prison if found guilty. Ukrainian officials have identified over 200 buyers of the malicious software.
This marks the second arrest of a Ukrainian citizen in a joint operation carried out by the Ukrainian Cyber-police and the FBI. These actions may signal that Ukraine is not the safe haven for cyber criminals that many users of criminal forums would prefer to believe. Binary Defense analysts will watch for discussions about this development if they appear. Although this is a blow to phishing scams, the attacks surely will continue.
The best way to protect against phishing campaigns is training and awareness. Teaching employees how to spot a phishing email can be a great defense. Identifying suspicious URLs or email addresses, or knowing when an attachment may be malicious, can prevent an attack brought on by a phishing email. Spelling and grammar errors are also common in phishing scams, as are suspicious links and mismatched domain names. If an email claims to be from a reputable company but the email came from a separate domain, it is likely a scam. Multi-factor authentication also provides a strong barrier against phishing attacks because it requires an extra step for cyber criminals to overcome in order to conduct a successful attack. Companies should also utilize a service such as Binary Defense’s Managed Detection and Response service to monitor endpoints for any abnormal activity and identify attacks early before they can cause damage.