News & Updates: on-demand

Stay up-to-date and get the latest information on Microsoft, their world-class business solutions and ElysianIT with our intelligent digital transformations

Microsoft Gold Partner

BulletProofLink: Phishing-as-a-Service (PhaaS)

Microsoft 365 Defender Threat Intelligence Team highlights the rise of a PhaaS (Phishing-as-a-Service) operation, dubbed BulletProofLink, which acts as the portal for the cybercrime underground.

In their research, the Microsoft team uncovered a large-scale operation that enables threat actors to easily carry out malicious campaigns. In one high-level campaign over 300,000 unique subdomains were created in a single run.  300,000 in a single run.

BulletProofLink has been active since 2018, and used by multiple threat actors being used in either one-off or monthly subscription-based Phishing business models.

Mityana Photo

Phishing is the term used to describe the sending of emails by criminals that look deceptively similar to legitimate emails from real companies. The emails contain links to similarly, more or less, well-made fakes of the respective company website, which ask the victim to enter their login data – these are then promptly forwarded to the criminals. This gives hackers access to all sorts of online accounts. This access can be used for criminal activities or the access data is sold.

BulletProofLink, which sells phishing kits, email templates, hosting, and automated services at a relatively low cost. With a PhaaS service starting at as low as £580 pm or a single-use kit costing around 35 pounds!

This comprehensive research into BulletProofLink sheds a light on the extent and complexity of phishing-as-a-service operations, and we urge you to read the full article so you can understand how prolific this type of cyber-security attack is.

Insights into phishing-as-a-service operations, their infrastructure, and their evolution inform protections against phishing campaigns. The knowledge gained during Microsoft’s investigation ensures that Microsoft Defender for Office 365 protects customers from the campaigns that the BulletProofLink operation enables.

If you need to understand your organisations’ cyber-security exposure, then book our free IT Security & Governance workshop. It will help you understand your cyber-security challenges and presents the solutions and options available, to keep you secure.

Book your free exploratory cyber security workshop today:

Intelligent Security

IT Security & Compliance

Enterprise Mobility + Security

Endpoint  Management

Security Operations Center
(Azzure Sentinal)

Microsoft Defender

Managed Security Service

Book your free exploratory cyber security workshop today:

logo - Microsoft Gold Partner

01256 976 650

ElysianIT Limited

Upper Farm, Wootton St. Lawrence,
Basingstoke, Hampshire, RG23 8PE

request >