LabHost, a notable phishing-as-a-service platform, was disrupted by international investigations. LabHost is considered one of the world's largest fraud websites, offering phishing kits, hosting page infrastructure, campaign overview services and functionality for interacting with targets. Now, the website has been seized and shut down. The investigation has uncovered at least 40,000 phishing domains associated with LabHost and around 10,000 users globally. 

Security leaders weigh in 

Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4:

“News like this is important when they hit the national media. These stories are timely reminders that cybercrime is omnipresent, and it would be foolish to assume that one could not be a target. Cybercrime gangs are becoming more common. Law enforcement must reduce the accessibility and attractiveness of online fraud schemes. We must put a stop to the increasing trend of cybercrime turning into an opportunity business for aspiring cyber criminals. Sending out videos to all 800 users of the illegal services to scare them off is therefore a good step by law enforcement.

“Taking down cybercrime networks is the way to go. Shutting down websites alone will obviously not stop people, but seizing their services, and resources, and arresting key people will have an effect.

“Phishing-as-a-service offerings like LabHost contribute to the massive growth of phishing scams worldwide. The quality of these offerings is remarkable. They include entire tool sets to harvest a range of private information including credit card information, multi-factor authentication, or address information. The platform also offered features such as email phishing, SMS phishing, and even management of stolen credentials. Criminals use such service offerings to target businesses and private individuals. Organizations must assume responsibility for empowering their workforce by educating them to make smarter security decisions.

“It is great to see international law enforcement collaborations in taking down cybercrime groups. This is another important step. The first big takedown that tackles phishing after the lockbit ransomware takedown earlier this year. Phishing is the most used attack vector and ransomware as the most common monetization scheme are two important areas to tackle. Law enforcement is clearly stepping up the game and rightly so.”

Malachi Walker, Security Advisor at DomainTools:

“The LabHost platform disruption is the latest in a series of efforts carried out by law enforcement to remove opportunities for and disincentivize malicious activity. In this case, the LabHost phishing-as-a-service platform was being used by malicious actors mainly to target banks and other organizations within the finance sector. Finance is commonly targeted with online sites and domains that spoof legitimate holdings, usually for credential harvesting or spear phishing. Malicious actors targeting the financial services sector range from low-capability crimeware affiliates to the most sophisticated state-sponsored groups.

“This takedown likely impacts the low-capability crimeware affiliates the most so while organizations in the financial sector should be encouraged, they should still be vigilant and engage in standard best practices to protect their organization. The 37 arrests including the original developer can likely be attributed to the law enforcement operation being cited as taking place over the year. The longer history a threat actor has, the more likely their operational security has failed or will fail at some point. Those footholds can shut entire cybercrime organizations down–and they're often based on seemingly innocuous domain registration and hosting decisions. Both of which are incredibly common among those launching phishing campaigns.”

Dr. Ilia Kolochenko, CEO at ImmuniWeb and Adjunct Professor of Cybersecurity at Capital Technology University:

“Modern cybercrime is an incredibly profitable business, while risks of being apprehended — for experienced and well-organized gangs — verge on zero. Eventually, cyber gangs are actively recruiting the youth, namely IT and cybersecurity students, who are happy to make some extra money without much effort.

Most of the newbies do not even realize that they break the law, as their tasks may be pretty innocent, such as designing websites or mobile applications. Some gangs go as far as hiring students on behalf of non-existent penetration testing companies and asking their new “employees” to find vulnerabilities on “client’s” websites.

Worst, duped students are arrested and prosecuted, while cybercrime moguls remain unpunished and continue multiplying their fortunes and hiring new instrumental evildoers. Law enforcement agencies and government should urgently consider investing in educational and awareness campaigns among all students to prevent cybercrime: arrests and criminal prosecution merely treat the symptom, while the disease is swiftly proliferating making more and more victims.”