Julius Caesar Linked To 890,000 New Phishing Attacks
Working in the field of cybersecurity is full of surprises. I doubt, however, that you were expecting to read an article that ties Julius Caesar, the infamous Roman emperor, to nearly a million phishing attacks so far in 2025. But here we are.
The phishing threat continues apace, fuelled by the lure of distributing infostealer malware and exemplified by increasingly sophisticated attacks, as the FBI has warned. Far from being evil coding gurus, most cybercriminals participating in phishing attacks are actually what you might call low-level chancers, with little skill but big hopes of a profitable payday.
They are helped in this nefarious endeavor by the use of phishing-as-a-service platforms that take all that annoying technical ability out of the equation. Newly published research has revealed the most common of these platforms is known as Tycoon 2FA, and, dear reader, that’s where Julius Caesar comes in.
One thing that is no surprise is that phishing continues to be an ongoing threat to consumers and organizations alike. These are no longer the simplistic “you’ve won the Canadian lottery” or “I’m a Nigerian Prince and want to give you money” scams of old; with the help of AI, they have become much more challenging to spot and, as a consequence, much harder to resist.
What is particularly concerning, as already mentioned, is the use of phishing-as-a-service platforms to expedite the creation and deployment of attacks. A March 19 report by threat researchers at Barracuda Networks has revealed just how prolific these attacks are, detailing a staggering one million across January and February alone.
That number becomes even more worrying when you realize that one platform, Tycoon 2FA, accounted for 89% of them. Much of this appears to have been very recent, with an outbreak in the middle of February, according to Deerendra Prasad, an associate threat analyst in the threat analyst team at Barracuda Networks, who said that an investigation “revealed that the platform has continued to develop and enhance its evasive mechanisms, becoming even harder to detect.”
Which brings us to Julius Caesar. In order to help evade detection, the malicious scripts used to obstruct analysis of the phishing pages by defenders have been upgraded, Prasad said.
The new script is, wait for it, encrypted using what is known as a shifting substitution cipher rather than being in plain text. Something known as a Caesar Cipher, in fact. This works by replacing every plaintext letter in a string with another that is a fixed number of places along the alphabet. It’s about as simplistic as you can get, to be honest, and all you need is the shift number to decrypt such messages.
It’s named after Julius Caesar, who was known to have used the encryption technique to keep his personal correspondence secret while in transit. “This script is responsible for several processes,” Prasad confirmed, “such as stealing user credentials and exfiltrating them to an attacker-controlled server.”
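To show how little protection a fixed shift gives once a defender has the obfuscated text, here is an added example (not code from Barracuda's report or from the Tycoon 2FA kit) that tries all 26 shifts and keeps the one whose output looks most like script source. The assumption that the hidden text is JavaScript, the keyword list, the function names and the benign sample input are all constructed for illustration.

```python
"""Recover Caesar-shifted script text by trying every shift (added example)."""
import string

# Tokens common in JavaScript source, used to score each candidate decoding.
# Assumption: this hint list is illustrative, not taken from the report.
JS_HINTS = ("function", "document", "window", "return", "var ", "const ", "let ")


def caesar_shift(text: str, shift: int) -> str:
    """Shift ASCII letters by `shift` places, preserving case; leave the rest."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + shift) % 26 + 97))
        elif ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)  # digits, punctuation and whitespace are untouched
    return "".join(out)


def score(candidate: str) -> int:
    """Count keyword hits; the right shift yields far more than any other."""
    lowered = candidate.lower()
    return sum(lowered.count(hint) for hint in JS_HINTS)


def recover(obfuscated: str):
    """Return (shift used to encode, recovered text) for the best candidate.

    Shift 0 is tried first, so input that is already plain text is
    reported with shift 0 rather than mangled.
    """
    candidates = [(k, caesar_shift(obfuscated, -k)) for k in range(26)]
    return max(candidates, key=lambda c: score(c[1]))


# Constructed, benign sample: a harmless snippet shifted by 7 places.
SAMPLE_PLAIN = 'function greet() { var el = document.getElementById("msg"); return el; }'
SAMPLE_OBFUSCATED = caesar_shift(SAMPLE_PLAIN, 7)

if __name__ == "__main__":
    shift, text = recover(SAMPLE_OBFUSCATED)
    print(f"shift={shift}")
    print(text)
```

Because only letters move, punctuation such as braces, quotes and semicolons survives the shift unchanged, which is itself a useful sign that a blob is shifted script text rather than real encryption.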
So, there you have it, Julius Caesar has a direct link to 890,000 ongoing phishing attacks. Who knew?