Phishing site LabHost taken down by international taskforce

18 Apr 2024


Police managed to take down the site and arrest 37 suspects, striking a potentially massive blow to phishing operations around the world.

Law enforcement groups from 19 countries – including Ireland – have managed to bring down one of the world’s largest phishing-as-a-service platforms called LabHost.

Europol claims this platform was a “significant tool” used by cyberattackers around the world, offering services such as phishing kits and hosting page infrastructure to assist criminals – in exchange for a monthly subscription of $249 on average.

The investigation tasked with taking down LabHost claims it uncovered at least 40,000 phishing domains linked to the site, which had “some 10,000 users worldwide”. The operation had been ongoing for roughly a year and culminated in a coordinated effort to take down the site and arrest individuals connected to the service.

Europol claims that 70 addresses were searched around the world between 14 April and 17 April, resulting in the arrest of 37 suspects – including four individuals in the UK linked with running LabHost and the alleged “original developer” of the service.

The European agency said cybercrime-as-a-service has become a “rapidly growing business model” that makes these criminal activities more accessible for unskilled hackers, but claimed it is more commonly used by ransomware groups.

“What made LabHost particularly destructive was its integrated campaign management tool named LabRat,” Europol said. “This feature allowed cybercriminals deploying the attacks to monitor and control those attacks in real time. LabRat was designed to capture two-factor authentication codes and credentials, allowing the criminals to bypass enhanced security measures.”

The investigation was led by the UK’s London Metropolitan Police, which said detectives first began looking into the site in June 2022 after they received “crucial intelligence” about it.

“LabHost and its linked fraudulent sites were disrupted and existing information was replaced with a message stating law enforcement has seized the services,” the UK police force said.

The danger of phishing

Phishing involves sending emails, texts or calls that appear to be from reputable sources in order to trick victims into sharing personal information, such as passwords and credit card numbers.

Muhammad Yahya Patel – a lead security engineer at Check Point – said phishing is “one of the most indiscriminate yet successful forms of cyberattack”.

“Over time, these campaigns have become highly sophisticated and harder to spot, especially with the use of generative AI,” Yahya Patel said. “The assertive action led by the Met Police sends a strong message to cybercriminals that they are not untouchable.

“The seizure of the website, coupled with arrests, makes a statement that no one is truly anonymous online.”

Mark Robertson, the CRO and co-founder of Acumen, said LabHost was one of the “most dangerous” phishing-as-a-service platforms because it lowered the barrier of entry and gave novice hackers access to “ready-made tools to launch attacks”.

“The costs to do this were low, but the returns were high, which is why it became one of the most popular platforms for criminals,” Robertson said.

“Phishing-as-a-Service is a major cybercrime activity today and internet users must be educated on its risks. Even when emails appear legitimate, caution must be used, especially in the age of generative AI.”


Leigh Mc Gowran is a journalist with Silicon Republic
