GBHackers News reports that cybercriminals are escalating their tactics to circumvent multi-factor authentication, using adversary-in-the-middle attacks and reverse proxies to steal credentials and session cookies.
By mimicking legitimate websites, these proxies trick users into providing sensitive information, allowing attackers to bypass MFA and sometimes even register persistent authentication devices. The rise of Phishing-as-a-Service kits like Evilproxy and Tycoon 2FA is lowering the barrier for entry, enabling even low-skilled actors to carry out sophisticated breaches. These kits often include advanced features like user-agent filtering and obfuscated JavaScript, making detection harder. While open-source tools such as Evilginx were originally built for ethical testing, they are now frequently misused for malicious campaigns. As MFAs limitations become clear, WebAuthn has emerged as a promising alternative. By eliminating passwords and binding credentials to domains through public key cryptography, it effectively neutralizes phishing attempts, but adoption remains limited. Cisco Talos urges organizations to accelerate the shift to passwordless methods before cyberthreats outpace security defenses.
By mimicking legitimate websites, these proxies trick users into providing sensitive information, allowing attackers to bypass MFA and sometimes even register persistent authentication devices. The rise of Phishing-as-a-Service kits like Evilproxy and Tycoon 2FA is lowering the barrier for entry, enabling even low-skilled actors to carry out sophisticated breaches. These kits often include advanced features like user-agent filtering and obfuscated JavaScript, making detection harder. While open-source tools such as Evilginx were originally built for ethical testing, they are now frequently misused for malicious campaigns. As MFAs limitations become clear, WebAuthn has emerged as a promising alternative. By eliminating passwords and binding credentials to domains through public key cryptography, it effectively neutralizes phishing attempts, but adoption remains limited. Cisco Talos urges organizations to accelerate the shift to passwordless methods before cyberthreats outpace security defenses.
