Low-Detection Phishing Kits Increasingly Bypass MFA

2022-02-03 22:10

More and more phishing kits are focusing on bypassing multi-factor authentication methods, researchers have warned - typically by stealing authentication tokens via a man-in-the-middle attack.

According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, "Ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers."

Researchers also noted that MFA-bypass kits represent a security blind spot, with the associated IP addresses and domains often skating by VirusTotal detection.

TRP kits show "The actual website to the victim," researchers noted in a Thursday analysis.

Once a victim clicks on the malicious link, they are taken to a secure page to log in, where the attackers lift the credentials, MFA codes and session cookies.

While these tools aren't new, they're being increasingly used to bypass MFA, the firm noted, which is worrying given their lack of detection.

News URL

https://threatpost.com/low-detection-phishing-kits-bypass-mfa/178208/

#bypass #MFA #phishing