Summary: The report by Prodaft reveals the emergence of Phishing-as-a-Service (PhAAS) platforms, particularly focusing on the Lucid platform operated by Chinese-speaking threat actors. This platform facilitates large-scale phishing attacks targeting individuals and organizations worldwide through sophisticated mechanisms that exploit messaging technologies. The rise of such platforms underscores a growing threat landscape, intensifying the risks associated with financial cybercrime and the need for enhanced security measures.
Affected: Organizations and individuals across 88 countries
Keypoints:
- Lucid is a PhAAS platform that allows cybercriminals to conduct large-scale phishing campaigns, targeting 169 entities globally.
- The platform employs advanced messaging technologies like Apple iMessage and RCS to bypass traditional security measures and enhance attack effectiveness.
- The group behind Lucid, known as Black Technology or XinXin, has rapidly expanded its operations and is a primary source of smishing campaigns in the U.S., Europe, and the U.K.
Source: https://securityonline.info/lucid-the-rising-threat-of-phishing-as-a-service/