Cyber Attack Tools Now Being Used To Help Phishing Pages Avoid Detection



Process Server PhishingCybercriminals are offering tools to help phishing pages avoid detection by security tools, according to researchers at SlashNext.

“Anti-bot services, like Otus Anti-Bot, Remove Red, and Limitless Anti-Bot, have become a cornerstone of complex phishing operations,” the researchers write. “These services aim to prevent security crawlers from identifying phishing pages and blocklisting them. By filtering out cybersecurity bots and disguising phishing pages from scanners, these tools extend the lifespan of malicious sites, helping criminals evade detection longer.” 

These tools are sophisticated and easy to use, allowing unskilled attackers to increase the effectiveness of their attacks for a relatively low price.

“Otus Anti-Bot is one of the most popular solutions, claiming to deploy behavioral analysis, challenge-response mechanisms, bot signature detection, and integration with threat intelligence feeds,” the researchers write.

“What sets Otus apart is its incredibly quick deployment—users can get it running on their phishing pages in under two minutes. Once deployed, Otus allows dynamic configuration changes, meaning the user only needs to paste the code once, and any updates to protection settings are applied in real time across multiple pages. The platform also offers easy IP and country-based whitelisting for customized testing and targeting.”

These tools also allow attackers to target phishing campaigns by region, further minimizing their detection rates.

“Some campaigns are region-specific, allowing anti-bot systems to block foreign traffic entirely,” SlashNext says. “For example, if a phishing campaign is targeting a Korean bank, the service might allow only Korean traffic to visit the site while blocking foreign IP addresses. This method can even be drilled down to the city level, ensuring the page remains under the radar of international cybersecurity services.”

Attackers are always finding new ways to stay ahead of security technologies. New-school security awareness training can give your organization an essential layer of defense by enabling your employees to recognize attacks that slip past security measures.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

SlashNext has the story.


BreachSim

Free downloadable software tool

How easy is it for bad actors to penetrate your system and exfiltrate your data? Pinpoint vulnerabilities, take action and build stronger cyber defenses with BreachSim, a free downloadable software tool from KnowBe4. Based on techniques outlined in the MITRE Att&CK framework, BreachSim launches 12+ data exfiltration scenarios to uncover the stark reality of what happens when employees unknowingly fall for an attack.

BreachSim LogoHow BreachSim works:

  • 100% harmless simulation of real breach and data exfiltration attacks
  • Provides secure .txt, .doc, and .bmp test files for the simulation
  • Tests 12+ realistic data exfiltration scenarios following the MITRE Att&CK framework
  • Just download the installer, upload the secure test files, and run

Results in a few minutes!

Try Now

PS: Don't like to click on redirected buttons? Cut and paste this link in your browser:

https://www.knowbe4.com/free-tools/breachsimu



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews