Low-Detection Phishing Kits Increasingly Bypass MFA

A growing class of phishing kits – transparent reverse proxy kits – is being used to get past multi-factor authentication using MiTM tactics.

More and more phishing kits are focusing on bypassing multi-factor authentication (MFA) methods, researchers have warned – typically by stealing authentication tokens via a man-in-the-middle (MiTM) attack.

As MFA continues to see widespread consumer and business adoption – a full 78 percent of respondents in a recent poll said they used it in 2021 – cybercriminals have devoted resources to keeping up. According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, “ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers.”

Researchers also noted that MFA-bypass kits represent a security blind spot, with the associated IP addresses and domains often skating by VirusTotal detection.

Transparent Reverse Proxy Trickery

According to Proofpoint, one of the phishing-kit approaches that’s particularly gaining steam is the use of transparent reverse proxies (TRPs), which enable attackers to insert themselves into existing browser sessions. This MiTM approach lets adversaries

Read More: https://threatpost.com/low-detection-phishing-kits-bypass-mfa/178208/