Growing Number of Phish Kits Bypass MFA
Phishing kits designed to circumvent multi-factor authentication (MFA) by stealing session cookies are increasingly popular on the cybercrime underground, security researchers at Proofpoint have warned.
After years of prompting by security teams and third-party experts, MFA finally appears to have reached a tipping point of user adoption. Figures from Duo Security cited by Proofpoint in a new blog today claim that 79% of UK and US users deployed some kind of second-factor authentication in 2021 versus 53% in 2019.
However, the threat landscape is changing as a result. Phishing kits offer a cheap-and-easy way for budding cyber-criminals to launch and monetize campaigns.
“In recent years, Proofpoint researchers have observed the emergence of a new type of kit that does not rely on recreating a target website. Instead, these kits use a transparent reverse proxy to present the actual website to the victim,” the firm explained.
“Modern web pages are dynamic and change frequently. Therefore, presenting the actual site instead of a facsimile greatly enhances the illusion an individual is logging in safely. Another advantage of the reverse proxy is that it allows the threat actor to man-in-the-middle (MitM) a session and capture not only the usernames and passwords in real-time, but also the session cookie.”
These cookies can then be used to access a targeted account without needing a username, password or MFA token.
Proofpoint has already noticed an uptick in the availability of such phishing kits and warned that the trend would only increase as MFA becomes more popular. They include “Modlishka,” “Muraena/Necrobrowser” and “Evilginx2.”
“We are now in 2022, the pandemic still rages, many workers are still working from home and many may not return to the office. As more companies follow Google’s lead and start requiring MFA, threat actors will rapidly move to solutions like these MitM kits,” Proofpoint concluded.
“They are easy to deploy, free to use, and have proven effective at evading detection. The industry needs to prepare to deal with blind spots like these before they can evolve in new unexpected directions.”
More Stories
ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims
These included a number of government websites: 105 in Chile, 431 in Mexico and 265 in Peru Read More
KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps
Microsoft said it saw between 40 and 60 daily attacks in February Read More
BreachForums Admin Arrested in New York
Conor Brian Fitzpatrick of Peekskill was apprehended last Wednesday following an FBI investigation Read More
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP)...