The Use of Phishing Toolkits to ByPass 2FA is on the Rise

Phishing toolkits and their rise

• Researchers discovered over 1,200 such toolkits in use. The rising trend is apparently due to tech firms making 2FA as default security.
• Attackers are using new tools to steal users’ authentication cookies, which are essentially files created in a web browser whenever a user logs into an account after the 2FA process. 
• In most cases, the attackers used a type of infostealers to steal authentication cookie files from computers.
• In another technique, hackers intercept the authentication cookies while they are in transit from the service provider to a user’s device, aka MitM. This does not rely on infecting a computer with malware.

Real-time phishing vs MitM

• Real-time phishing is a case where an operator sits in front of a web panel when a user is interacting with a phishing site. When it’s time to enter 2FA codes, threat actors prompt the user for the actual 2FA code, via email, SMS, or authenticator app. 
• Hackers collect the 2FA token and use it on the real site, establishing an indirect but legitimate connection between their system and the victim’s account. 
• Real-time hacking is suitable for breaking into online banking sites as user login sessions tend to run out of time quickly and every re-authentication attempt requires another 2FA code.
• But, it all changes when users are provided with more relaxed rules around user login sessions. MitM phishing attacks are suitable in these scenarios. 
• Hackers use phishing kits to relay traffic between the phishing site, the victim, and the genuine service.

Conclusion