A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics.
More and more phishing kits are focusing on bypassing multi-factor authentication (MFA) methods, researchers have warned – typically by stealing authentication tokens via a man-in-the-middle (MiTM) attack.
As MFA continues to see widespread consumer and business adoption – a full 78 percent of respondents in a recent poll said they used it in 2021 – cybercriminals have devoted resources into keeping up. According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, “ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers.”
Researchers also noted that MFA-bypass kits represent a security blind spot, with the associated IP addresses and domains often skating by VirusTotal detection.
Transparent Reverse Proxy Trickery
According to Proofpoint, one of the phishing-kit approaches that’s particularly gaining steam is the use of transparent reverse proxies (TRPs), which enable attackers to insert themselves into existing browser sessions. This MiTM approach lets adversaries