MFA Bypass Kits Account For One Million Monthly Messages

Threat actors continued to evolve their tactics to sidestep user defenses in 2022, with multi-factor authentication (MFA) bypass kits accounting for millions of phishing messages, according to Proofpoint.

Off-the-shelf toolkits have helped to democratize phishing to the cybercrime masses for several years, but specialized tools dedicated to MFA bypass are a relatively new sight, Proofpoint said in its latest report, The Human Factor 2023.

Proofpoint highlighted three popular toolkits – EvilProxy, Evilginx2 and NakedPages – as being particularly prolific in 2022.

EvilProxy is an advanced phishing-as-a-service platform, while Evilginx2 is a red team tool enabling reverse proxy attacks against MFA. NakedPages is an off-the-shelf phishing kit that also uses reverse proxy techniques.

“MFA is still an integral part of defense in depth, and activating it remains best practice,” said Proofpoint. “But the growth of these techniques should signal a loud note of caution: attackers will take everything if you let them – even your MFA tokens.”

Also on the rise are telephone-oriented attack delivery (TOAD) threats, which peaked at over 13 million per month in 2022, according to the report.

This novel threat typically begins with a phishing message – such as a fake invoice – which encourages the recipient to call a telephone helpline. Doing so will put them in direct contact not with a legitimate call center, but one run by a fraud gang.

Once on the phone, the victim may be tricked into installing malware or granting the call center operative access to their machine.

Proofpoint highlighted BazaCall as a particularly prolific early exponent of the TOAD threat, using lures like fake movie streaming sites and unannounced Justin Bieber tours to reel in victims. The group would typically try to trick the victim over the phone into downloading the now-defunct BazaLoader malware.

Proofpoint claimed that the sheer number of TOAD threats, detected in their millions on a monthly basis, indicates their adoption by a larger number of less sophisticated groups.

Elsewhere, Proofpoint detected a twelvefold increase in “conversational” scams including romance fraud, fake job ads and pig butchering crypto fraud – making it the fastest-growing threat in the mobile space.
