January 24, 2023 By Jonathan Reed 2 min read


Recently, investigators at Mandiant discovered a new software platform with an intuitive interface. The service has tools to orchestrate and automate core campaign elements. Some of the platform’s features enable self-service customization and campaign tracking.

Sounds like a typical Software-as-a-Service (SaaS) operation, right? Well, this time, it’s Caffeine, the latest Phishing-as-a-Service (PhaaS) platform. A basic subscription costs $250 a month; all you need is an email to sign up.

How caffeine PhaaS is different

PhaaS vendors advertise and sell their products as phishing kits. A phishing kit includes everything required to launch a successful phishing attack, such as email templates and even templates for rogue websites to send victims to. Some phishing kits also include lists of potential targets.

As per Mandiant, what makes Caffeine different from most other PhaaS offerings is its low barrier of entry. To sign up for Caffeine services, only an email is required. Unlike Caffeine, other PhaaS platforms typically only communicate through referrals, underground forums or encrypted messaging. Also, Caffeine provides email templates directed at Russian and Chinese targets, which is unusual for PhaaS.

Other Caffeine features include:

  • Tools to orchestrate and automate phishing campaigns
  • Self-service phishing kit customization
  • Capability to manage intermediary redirect pages and final-stage lure pages
  • Dynamic URL generation for hosted malicious payloads
  • Ability to track campaign email activity
  • Caffeine news feed: announces feature updates and expansions of accepted cryptocurrencies.

According to Mandiant, the average PhaaS platform costs from $50 to $80, making Caffeine relatively expensive. Caffeine may be pricier due to its unlimited customer service support options and its extensive anti-detection and anti-analysis features.

Rise of commercialized attack services

Caffeine represents a continued trend of Cyber-Crime-as-a-Service, which makes it easy for non-technical adversaries to launch massive attacks. Like legitimate subscription-based software, the programming and business organization behind these attack platforms is highly sophisticated. Caffeine even offers three service tiers (Basic, Professional and Enterprise at $250, $450 and $850 per month, respectively).

Undoubtedly, security professionals wince when they compare the low cost of phishing services versus the $4.35 million average cost of a data breach.

Phishing attack protection

Given the ease of access to phishing attack kits, companies must implement effective anti-phishing security. Training employees to be aware of these scams is a key starting point. Some organizations will even send out internal bogus phishing emails to keep team members on their toes. Still, even with the best training, attacks can slip through the cracks. For this reason, more comprehensive strategies are required.

Solutions, such as security information and event management (SIEM), have evolved to include advanced analytics such as user behavior analytics (UBA), network flow insights and artificial intelligence (AI) to accelerate detection. SIEM also integrates with security orchestration, automation and response (SOAR) platforms for incident response and remediation.

Other approaches, such as zero trust, manage privileged access to ensure that users are only granted access to data essential to their jobs.

The growth of nefarious services like Caffeine makes us jittery. Solid, well-developed security can help keep us calm.

More from Risk Management

Operationalize cyber risk quantification for smart security

4 min read - Organizations constantly face new tactics from cyber criminals who aim to compromise their most valuable assets. Yet despite evolving techniques, many security leaders still rely on subjective terms, such as low, medium and high, to communicate and manage cyber risk. These vague terms do not convey the necessary detail or insight to produce actionable outcomes that accurately identify, measure, manage and communicate cyber risks. As a result, executives and board members remain uninformed and ill-prepared to manage organizational risk effectively.…

The evolution of ransomware: Lessons for the future

5 min read - Ransomware has been part of the cyber crime ecosystem since the late 1980s and remains a major threat in the cyber landscape today. Evolving ransomware attacks are becoming increasingly more sophisticated as threat actors leverage vulnerabilities, social engineering and insider threats. While the future of ransomware is full of unknown threats, we can look to the past and recent trends to predict the future. 2005 to 2020: A rapidly changing landscape While the first ransomware incident was observed in 1989,…

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today