Security News > 2022 > February > Phishing kits' use of man-in-the-middle reverse proxies is growing, warns Proofpoint

Then we had two-factor authentication - and now Proofpoint reckons criminals online are able to start bypassing them with transparent reverse proxies.

In a blog post Proofpoint said it sees "Numerous MFA phishing kits ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, social security numbers and credit card numbers."

US DoD, Brit ISP BT reverse proxies can be abused to frisk internal systems - researcher.

The reverse proxy concept is simple: fool users into visiting a phishing page, use the reverse proxy to fetch all the legitimate content the user expects including login pages, and sniff their traffic as it passes through the proxy.

Proofpoint said it deployed an in-house machine learning tool it called Phoca and learnt that over 1,200 phishing sites it scanned were deploying reverse proxies to fetch genuine websites' content, passing off the fake site as the real deal.

Reverse proxy phishing kits are an evolution, so Proofpoint said, of the age-old man-in-the-middle concept.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/02/03/proofpoint_mitm_reverse_proxies/