Phishing fraudsters have begun using industry-standard AES-256 encryption to disguise the content of fraudulent sites.
"The site used AES to hide the phishing page content", Paul Wood, manager of cyber security intelligence at Symantec, told El Reg. The tactic is designed to make the analysis of phishing sites more difficult for security researchers without interfering with how sites are presented to victims, as a blog post by Symantec explains.
The encrypted content is decrypted in the visitor's browser, and the process completes almost instantly, so users are unlikely to notice anything unusual. Once decryption is complete, the phishing page is displayed as normal. A casual, shallow analysis of the page source will not reveal any phishing-related content, because that content sits inside the unreadable encrypted blob.
The techniques in play, which are essentially designed to give phishing sites a slightly longer shelf life before the inevitable smackdown, are far from foolproof and wide open to improvement. For example, no attempt is made to hide the key or otherwise conceal what is going on. "However, we expect that as phishing detection matures further and improves in effectiveness, attacks like this will become more sophisticated," writes Symantec security researcher Nick Johnston.
The fraudulent site itself poses as a banking website and is noteworthy only for the use of AES-256 in its underlying code.
Cybercrooks across the spectrum of villainy are starting to use industry-standard encryption to push their wares. For example, the notorious CryptoLocker ransomware scrambles files on infected Windows PCs with AES, locking the AES keys in turn with a 2048-bit RSA public key, before demanding a ransom from victims of $300 or more, payable in Bitcoin. Security firms Fox-IT and FireEye began offering a free recovery service to victims in August, but this service was only possible because of the recovery of a cache of private keys from a seized server – not through any break in the crypto scheme used by the cybercrooks.
Security researchers at Dell SecureWorks recently revealed how cybercrooks have taken to using steganography – the art of hiding secret information within another image or message file – to run a click-fraud scam. ®