Be Careful! Phishing Kits Bypassing MFA are Growing in Popularity

Attackers set eyes on bypassing MFA 

• The concept of MFA was first introduced in the year 1986 in the form of RSA tokens. Since then, it has seen widespread adoption both in the business and consumer space.
• According to a report from authentication solutions provider Duo, around 78% of respondents had adopted 2FA/MFA authentication in 2021 when compared to just 28% in 2017.
• As MFA continues to see widespread adoption, phishing kits to bypass this trusted layer of security are witnessing rising popularity among cybercriminals.
• In one such recent discovery, a team of academics highlighted that there are more than 1200 phishing toolkits that are capable of intercepting 2FA security codes. Although these toolkits are deployed in the wild, most of the instances have been found in North America and Europe.
• Furthermore, Proofpoint researchers explained the emergence of a new type of phishing kit that used a transparent reverse proxy to redirect victims to real-looking fake websites.
• As a result, this could allow attackers to launch Man-in-the-Middle (MitM) attacks and steal username and passwords in real-time, along with session cookies.
• The stolen session cookies can further be used by attackers to gain access to targeted accounts without the need for an MFA token. 

Other interesting observations

• Proofpoint researchers also flagged three phishing kits in particular—Modlishka, Muraena/Necrobrowser, and Evilginx2—that saw an uptick in use lately.
• These three kits, which earlier worked via phony websites, are now using the transparent reverse proxy to ensnare more victims.
• While these tools aren’t new, their effectiveness in evading detection poses a challenge for both individuals and organizations.

Final words