Security News

The increased use of multi-factor authentication has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. Proofpoint researchers have flagged three such phishing kits: Modlishka, Muraena/Necrobrowser, and Evilginx2.

More and more phishing kits are focusing on bypassing multi-factor authentication methods, researchers have warned - typically by stealing authentication tokens via a man-in-the-middle attack. According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, "Ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers."

Then we had two-factor authentication - and now Proofpoint reckons criminals online are able to start bypassing them with transparent reverse proxies. In a blog post Proofpoint said it sees "Numerous MFA phishing kits ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, social security numbers and credit card numbers."

Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended. Intuit's alert follows reports received from customers who were emailed and told that their Intuit accounts were disabled following a recent server security upgrade.

Office 365 and Azure Active Directory customers were the targets of billions of phishing emails and brute force attacks successfully blocked last year by Microsoft. "From January 2021 through December 2021, we've blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365," said Vasu Jakkal, Microsoft's Corporate Vice President for Security, Compliance, and Identity.

The rising adoption of multi-factor authentication for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools. The increasing use of MFA has pushed phishing actors to use transparent reverse proxy solutions, and to cover this rising demand, reverse proxy phish kits are being made available.

The study, which included 82,402 participants, tested how employees from four different organizations responded to emails that simulated one of four commonly used phishing tactics. According to Matthew Connor, F-Secure Service Delivery Manager and lead author of the report, the study's most notable finding was that people working in 'technical' roles seemed equally or even more susceptible to phishing attempts than the general population.

Finland's National Cyber Security Centre warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats. In the alert, the NCSC-FI says that all Facebook users who received messages from online acquaintances asking for their phone numbers and a verification number delivered via SMS are the targets of this ongoing scam.

The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication, thereby making it possible for the adversary to take advantage of the target's bring-your-own-device policy and introduce their own rogue devices using the pilfered credentials. "Stolen credentials were then leveraged in the second phase, in which attackers used compromised accounts to expand their foothold within the organization via lateral phishing as well as beyond the network via outbound spam."

Microsoft's threat analysts have uncovered a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices onto the target's network and use them to distribute phishing emails. "The inbox rule allowed the attackers to avoid arousing the compromised users' suspicions by deleting non-delivery reports and IT notification emails that might have been sent to the compromised user."