The Phishing as a Service (PhaaS) platform ‘LabHost’ has become a prominent concern in the cybersecurity landscape, particularly due to its heightened impact on Canadian banks. LabHost gained increased attention after introducing tailored phishing kits for Canadian financial institutions in the first half of 2023. Despite facing a disruptive outage in October 2023, LabHost has swiftly recovered, engaging in several hundred phishing attacks per month and surpassing its predecessor, Frappo, as the primary PhaaS platform responsible for targeting Canadian bank customers.
LabHost offers a range of membership tiers, each focusing on specific geographic targets, allowing cybercriminals to customize phishing campaigns effectively. These campaigns extend beyond banks, covering various online services, postal delivery, and telecommunication providers. The platform also introduced a new SMS spamming tool called ‘LabSend,’ enabling the embedding of phishing page links in text messages, further expanding the arsenal of cybercriminals. LabHost’s sophisticated functionality, including the LabRat real-time phishing management tool, facilitates the theft of two-factor authentication codes, authentication of valid credentials, and bypassing additional security checks.
The resurgence of LabHost underscores the growing accessibility of cybercrime facilitated by PhaaS platforms, posing a significant challenge to cybersecurity. The platform’s ability to offer turnkey solutions to unskilled hackers amplifies the scope and impact of phishing attacks, demanding heightened vigilance and countermeasures in the ongoing battle against cyber threats.
