New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
Cybercriminals have been increasingly using a new phishing-as-a-service platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication protection.
Tycoon 2FA attacks involve a multi-step process in which the threat actor steals session cookies by using a reverse proxy server that hosts the phishing web page, intercepts the victim's input and relays it to the legitimate service.
Stage 0 - Attackers distribute malicious links via emails with embedded URLs or QR codes, tricking victims into accessing phishing pages.
Stage 2 - Background scripts extract the victim's email from the URL to customize the phishing attack.
Stage 6 - Finally, victims are directed to a legitimate-looking page, obscuring the phishing attack's success.
Sekoia reports that the scale of operations is substantial, as there is evidence of a broad user base of cybercriminals currently using Tycoon 2FA for phishing operations.
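A defensive check for the Stage 2 behaviour described above, as an added example that is not part of the original article or of Sekoia's report: it flags links in inbound mail whose path, query or fragment carries the recipient's own address. The encodings checked (plain, percent-encoded, base64), the function names and the sample records are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, unquote

B64_TOKEN = re.compile(r"[A-Za-z0-9+/_-]{12,}")

def _b64_decodings(tail):
    """Yield decoded text for each base64/base64url-looking token in `tail`."""
    # Split twice: once keeping "/" (standard alphabet), once breaking on it
    # so that individual path segments are tried as well.
    tokens = set(re.split(r"[?&=#;]", tail)) | set(re.split(r"[?&=#;/]", tail))
    for token in tokens:
        if not B64_TOKEN.fullmatch(token):
            continue
        raw = token.replace("-", "+").replace("_", "/")
        raw += "=" * (-len(raw) % 4)  # restore padding stripped from the URL
        try:
            yield base64.b64decode(raw).decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            continue

def recipient_in_url(url, recipient):
    """Return how `recipient` is embedded after the host part of `url`, or None."""
    rcpt = recipient.lower()
    parts = urlsplit(url)
    tail = parts.path + "?" + parts.query + "#" + parts.fragment
    if rcpt in tail.lower():
        return "plain"
    decoded_tail = unquote(tail)
    if rcpt in decoded_tail.lower():
        return "percent-encoded"
    for text in _b64_decodings(decoded_tail):
        if rcpt in text.lower():
            return "base64"
    return None

# Constructed sample records (recipient, link); hosts use the reserved .example TLD.
_B64 = base64.urlsafe_b64encode(b"alice@example.com").decode().rstrip("=")
SAMPLE_LINKS = [
    ("alice@example.com", "https://docs.vendor.example/view?id=8841"),
    ("alice@example.com", "https://login.portal.example/auth#alice@example.com"),
    ("alice@example.com", "https://login.portal.example/?u=alice%40example.com"),
    ("alice@example.com", "https://login.portal.example/s/" + _B64),
]

def triage(records):
    # Pair each link with the encoding in which the recipient address was found.
    return [(url, recipient_in_url(url, rcpt)) for rcpt, url in records]
```

A hit is a triage signal rather than a verdict, since legitimate unsubscribe and tracking links also embed the recipient address.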