Phishing attacks are evolving in order to help hackers bypass multi-factor authentication (MFA) protections designed to stop cyber criminals from exploiting stolen usernames and passwords for accounts.
The use of multi-factor authentication, which needs the user to enter a code or sign in to an additional app in order to log in to their account, has grown in recent years, as it’s commonly seen as one of the simplest tools that organisations and individuals can deploy across accounts in order to help keep them secure.
But while this has made conducting attacks harder for cyber criminals, that isn’t putting them off – and cybersecurity researchers at Proofpoint have detailed how there’s been a rise in phishing kits designed to bypass MFA.
SEE: Cybersecurity: Let’s get tactical (ZDNet special report)
Phishing kits have long been a popular tool among cyber criminals, allowing them to harvest credentials and use them – in many cases, they’re available on the open web and only cost a few dollars, fuelling large numbers of attacks.
Now phishing kits are evolving, boasting tools and techniques that allow cyber criminals to bypass or steal multi-factor authentication tokens. These range from relatively simple open-source kits, to sophisticated kits that come with several layers of obfuscation and modules that allow attackers to steal usernames, passwords, MFA tokens, social security numbers, credit card numbers, and more.
One of the techniques gaining popularity is the use of phishing kits. Rather than relying on recreating a target website, as phishing usually might, these kits instead take advantage of reverse proxy servers – applications that sit between the internet and the web server in order to help services run smoothly.
By exploiting this situation with phishing kits, attackers can not only steal usernames and passwords, but also session cookies, enabling access to the targeted account.
While these particular phishing kits are currently uncommon – even those that have existed in one way or another for years – Proofpoint researchers warn that it’s likely there will be greater adoption of these techniques as MFA forces cyber criminals to adapt.
“They are easy to deploy, free to use, and have proven effective at evading detection. The industry needs to prepare to deal with blind spots like these before they can evolve in new unexpected directions,” warned researchers.
MORE ON CYBERSECURITY
Stay connected with us on social media platform for instant update click here to join our Twitter, & Facebook
We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
