The international campaign attacks popular networks.
BforeAI researchers have identified a massive phishing campaign targeting international pizza chains, resulting in significant financial losses. The investigation began after receiving information from the Singapore police about a phishing threat, as pointed out in an article by Yahoo News Singapore. The initial indicator of compromise led to the detection of a more sophisticated and ongoing attack spanning multiple countries and targeting various pizzeria brands.
Initially, the campaign was identified through the domain domino-please[.]com, which resulted in the loss of S$27,000 to seven victims through fake order pages mimicking the Domino's Pizza website. Attackers used paid advertising on search engines to push their fake domains to the top of search results, above the original sites. This, combined with black hat SEO techniques, made users vulnerable to phishing.
Following the successful attacks in Singapore, the attackers registered domains targeting other major international pizza chains, such as PizzaPizza, Little Caesars, Blaze Pizza, 241 Pizza, Panago Pizza, and Boston Pizza. These domains are very similar to the real thing, but contain small changes that can easily mislead users.
Attackers continue to register new domains using IP addresses associated with suspicious domain registrations, with unusual domain extensions such as '.life' and '.top', which are not typical for legitimate brands. The attacks begin with the creation of fake sites that are virtually indistinguishable from the originals. When placing an order, users enter a one-time password (OTP), which allows the attackers to obtain card details and use them for unauthorized transactions, leading to the loss of victims' funds.
The campaign is not limited to one country and is a global threat, with a particular focus on Canadian pizza chains. The ability of attackers to register and maintain multiple domains indicates a well-orchestrated operation aimed at exploiting the popularity and credibility of these brands.
Despite the fact that the first attacks resulted in significant losses in 2023, the campaign continues into 2024. There has been activity targeting Canadian pizzerias, including PizzaPizza, Little Caesars, Pizzaiolo, Panago Pizza and Boston Pizza. Server movements and changes in activity dates in passive DNS records indicate the continuity of this campaign. The use of controversial VPS services such as Stark Industries confirms the involvement of well-equipped cybercriminals.
Recent research shows that some phishing domains continue to be updated, suggesting possible future attacks. The emergence of new domain registrations associated with the same threat group reinforces the need for constant threat monitoring.
The attacks are expanding to other organizations outside of the pizza industry as well, highlighting the need for increased attention and action to prevent further financial losses.
Source
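A monitoring check for the lookalike pattern this post describes (brand name with small changes, sometimes on '.life' or '.top'), as an added example that is not part of the original post or BforeAI's tooling. The allowlist, the similarity threshold and every sample domain except domino-please[.]com are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Brand keywords derived from the chains named in the post.
BRAND_KEYWORDS = ["domino", "pizzapizza", "littlecaesars", "blazepizza",
                  "241pizza", "panago", "bostonpizza", "pizzaiolo"]
# Extensions the post calls atypical for legitimate brands.
UNUSUAL_TLDS = {"life", "top"}
# Assumption: allowlist of official domains; replace with the brand's verified list.
OFFICIAL = {"dominos.com", "pizzapizza.ca"}
# Constructed sample feed (defanged); only the first entry appears in the post.
SAMPLE = ["domino-please[.] com", "panag0-order[.]top",
          "bostonpizza-menu[.]life", "example[.]org"]


def refang(domain: str) -> str:
    """Undo '[.]' defanging and normalise case and whitespace."""
    return re.sub(r"\s*\[\.\]\s*", ".", domain.strip().lower())


def assess(domain: str, threshold: float = 0.8) -> list[str]:
    """Return the reasons a domain looks like a brand lookalike (empty = no hit)."""
    name = refang(domain)
    if name in OFFICIAL:
        return []
    label, _, tld = name.rpartition(".")
    label = label.split(".")[-1]  # naive registrable label, no public-suffix lookup
    # Compare each hyphen-separated token and the label with hyphens removed.
    tokens = label.split("-") + [label.replace("-", "")]
    reasons = []
    for brand in BRAND_KEYWORDS:
        for tok in tokens:
            if brand in tok:
                reasons.append(f"contains brand keyword '{brand}'")
                break
            if SequenceMatcher(None, brand, tok).ratio() >= threshold:
                reasons.append(f"near-match to '{brand}'")
                break
    # The TLD alone is weak evidence, so it only adds weight to a brand hit.
    if reasons and tld in UNUSUAL_TLDS:
        reasons.append(f"unusual TLD .{tld}")
    return reasons


def triage(domains: list[str]) -> dict[str, list[str]]:
    """Map each flagged domain (refanged) to its reasons."""
    return {refang(d): r for d in domains if (r := assess(d))}
```

Feeding `triage` a daily list of newly registered domains gives a review queue; hits still need manual confirmation before a takedown request.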