Low-Detection Phishing Kits Increasingly Bypass MFA
#1
Quote: More and more phishing kits are focusing on bypassing multi-factor authentication (MFA) methods, researchers have warned – typically by stealing authentication tokens via a man-in-the-middle (MiTM) attack.



As MFA continues to see widespread consumer and business adoption – a full 78 percent of respondents in a recent poll said they used it in 2021 – cybercriminals have devoted resources to keeping up. According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, “ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers.”



Researchers also noted that MFA-bypass kits represent a security blind spot, with the associated IP addresses and domains often skating by VirusTotal detection.



According to Proofpoint, one of the phishing-kit approaches that’s particularly gaining steam is the use of transparent reverse proxies (TRPs), which enable attackers to insert themselves into existing browser sessions. This MiTM approach lets adversaries hide out and harvest information as it’s entered or appears on the screen.



This is a big departure from traditional phishing, which involves attackers creating copycat sites that mimic, say, an actual Windows log-in page in order to trick targets into entering their credentials. That traditional approach leaves plenty of room for red flags to be introduced, such as outdated logos, poor syntax, spelling errors and the like.



TRP kits show “the actual website to the victim,” researchers noted in a Thursday analysis. “Modern web pages are dynamic and change frequently. Therefore, presenting the actual site instead of a facsimile greatly enhances the illusion an individual is logging in safely.”




Meanwhile, attackers will hang out and steal session cookies, which can then be used by the threat actor to gain access to the targeted account without the need for a username, password or MFA token.



Source https://threatpost.com/low-detection-phi...fa/178208/