More companies are using multi-factor authentication. Hackers are looking for a way to beat it
Phishing attacks are evolving in order to help hackers bypass multi-factor authentication (MFA) protections designed to stop cyber criminals from exploiting stolen usernames and passwords for accounts.
The use of multi-factor authentication, which needs the user to enter a code or sign in to an additional app in order to log in to their account, has grown in recent years, as it’s commonly seen as one of the simplest tools that organisations and individuals can deploy across accounts in order to help keep them secure.
But while this has made conducting attacks harder for cyber criminals, that isn’t putting them off – and cybersecurity researchers at Proofpoint have detailed how there’s been a rise in phishing kits designed to bypass MFA.
SEE: Cybersecurity: Let’s get tactical (ZDNet special report)
Phishing kits have long been a popular tool among cyber criminals, allowing them to harvest credentials and use them – in many cases, they’re available on the open web and only cost a few dollars, fuelling large numbers of attacks.
Now phishing kits are evolving, boasting tools and techniques that allow cyber criminals to bypass or steal multi-factor authentication tokens. These range from relatively simple open-source kits, to sophisticated kits that come with several layers of obfuscation and modules that allow attackers to steal usernames, passwords, MFA tokens, social security numbers, credit card numbers, and more.
One of the techniques gaining popularity is the use of phishing kits. Rather than relying on recreating a target website, as phishing usually might, these kits instead take advantage of reverse proxy servers – applications that sit between the internet and the web server in order to help services run smoothly.
By exploiting this situation with phishing kits, attackers can not only steal usernames and passwords, but also session cookies, enabling access to the targeted account.
While these particular phishing kits are currently uncommon – even those that have existed in one way or another for years – Proofpoint researchers warn that it’s likely there will be greater adoption of these techniques as MFA forces cyber criminals to adapt.
“They are easy to deploy, free to use, and have proven effective at evading detection. The industry needs to prepare to deal with blind spots like these before they can evolve in new unexpected directions,” warned researchers.