Thousands of LabHost PhaaS domains exposed by FBI

The FBI has revealed 42,000 phishing domains leveraged by the major phishing-as-a-service platform LabHost from its emergence in November 2021 to its disruption in April 2024, reports Cyber Security News. Over 200 organizations, including banks and government agencies, could be spoofed by threat actors who used LabHost to facilitate global personal and banking data compromise, according to the FBI, which was able to retrieve the domains, as well as their dates of creation from the PhaaS platform's backend servers. Further analysis of LabHost's servers revealed more than a million user credentials and almost 500,000 stolen credit cards. Despite their inactive nature following the platform's dismantling as part of an international law enforcement operation, the domains published on the FBI's Internet Crime Complaint Center website could be leveraged for incident response measures, noted the FBI. "Historical research that identifies connections to any of these domains should prompt additional response and follow-up with the impacted user(s)," said the agency.