Growing Number of Phish Kits Bypass MFA

Growing Number of Phish Kits Bypass MFA

Phishing kits designed to circumvent multi-factor authentication (MFA) by stealing session cookies are increasingly popular on the cybercrime underground, security researchers at Proofpoint have warned.

After years of prompting by security teams and third-party experts, MFA finally appears to have reached a tipping point of user adoption. Figures from Duo Security cited by Proofpoint in a new blog today claim that 79% of UK and US users deployed some kind of second-factor authentication in 2021 versus 53% in 2019.

However, the threat landscape is changing as a result. Phishing kits offer a cheap-and-easy way for budding cyber-criminals to launch and monetize campaigns.

“In recent years, Proofpoint researchers have observed the emergence of a new type of kit that does not rely on recreating a target website. Instead, these kits use a transparent reverse proxy to present the actual website to the victim,” the firm explained.

“Modern web pages are dynamic and change frequently. Therefore, presenting the actual site instead of a facsimile greatly enhances the illusion an individual is logging in safely. Another advantage of the reverse proxy is that it allows the threat actor to man-in-the-middle (MitM) a session and capture not only the usernames and passwords in real-time, but also

Read More: