In a major multinational law enforcement operation, authorities have disrupted LabHost, one of the world's largest "phishing-as-a-service" platforms facilitating cyber fraud on a massive scale.
The year-long investigation, coordinated by Europol and involving 19 countries, resulted in the shutdown of LabHost's infrastructure and dozens of arrests across several continents this week. LabHost had provided phishing tools and services to around 10,000 cybercriminal users worldwide for a monthly subscription fee.
"This international investigation was led by the UK's London Metropolitan Police, with the support of Europol's European Cybercrime Centre," according to a statement from Europol. "The LabHost platform, previously available on the open web, has been shut down."
Europol stated that at least 40,000 phishing domains were linked to LabHost, which targeted users of hundreds of financial institutions, shipping firms, telecom providers, and more. A core feature called "LabRat" allowed criminals to monitor phishing attacks in real-time and bypass two-factor authentication.
"What made LabHost particularly destructive was its integrated campaign management tool... designed to capture two-factor authentication codes and credentials, allowing the criminals to bypass enhanced security measures," Europol said.
The operation resulted in 70 searches across the globe between April 14-17, including the arrest of four key LabHost operators in the U.K. Britain's Metropolitan Police identified nearly 70,000 U.K. victims alone who were tricked into handing over personal data like passwords and bank details via phishing sites.
"Online fraudsters think they can act with impunity. The operation showed law enforcement worldwide can dismantle international fraud networks at source," said Dame Lynne Owens, Deputy Commissioner of London's Metropolitan Police Service.
Toby Lewis, Global Head of Threat Analysis at Darktrace, highlighted LabHost's role in the surge in global cybercriminal activity, saying:
"This large-scale fraud operation is a prime example of the commoditization and evolution of cybercrime. The LabHost service provided a turnkey solution for over 2,000 would-be cybercriminals, dramatically lowering the barrier to entry for launching phishing campaigns."
Lewis warned that LabHost represents a "troubling trend" of attackers shifting towards outsourced cybercrime-as-a-service models to maximize impact while minimizing effort and risk. However, he stated that law enforcement disruptions like this raise the costs for criminal gangs.
"We must continue to innovate to make it increasingly difficult and expensive for cybercriminals to operate," Lewis said. "Only by raising the bar will we be able to stay ahead of these sophisticated, profit-driven threats targeting everyday internet users."
While a significant win, cybersecurity industry watchers say the fight is far from over as disbanded groups often restructure. Authorities vow to persistently crack down on these illegal service providers democratizing cyber fraud.
Follow SecureWorld News for more stories related to cybersecurity.
