The Number Of Phishing Tools To Bypass 2FA Has Increased To 1.2 Thousand.

✨ Megiddo

This is a significant jump from the roughly 200 phishing resources in late 2018 and early 2019.


A group of researchers from Stony Brook University and information security firm Palo Alto Networks has discovered more than 1.2 thousand phishing toolkits that allow cybercriminals to bypass two-factor authentication (2FA) security codes.

MitM (Man-in-the-Middle) phishing tools have become extremely popular in the cybercriminal world in recent years after major tech companies started making 2FA a must-have security feature for their users. Attackers who tricked a user into entering credentials on a phishing site found that the stolen credentials became useless because they could not bypass the 2FA procedure.

To counter the new trend, hackers began to implement new tools that would allow them to bypass 2FA by stealing user authentication cookies. Over the past few years, cybercriminals have slowly adapted their old phishing tools to bypass 2FA procedures, mainly through two methods - real-time phishing and MitM phishing toolkits. The first method relies on an operator sitting in front of the web panel while the user navigates and interacts with the phishing site. Phishing kits, in turn, are adapted to act as reverse proxy servers that relay traffic between a victim, a phishing site, and a legitimate service.

Many of these MitM phishing toolkits are based on tools developed by security researchers such as Evilginx, Muraena, and Modlishka.

The experts analyzed 13 versions of these three MitM phishing toolkits and created digital fingerprints for web traffic that travels through fraudulent resources. They used their findings to develop a tool called PHOCA that could determine if a phishing site was using a reverse proxy.

Between March 2020 and March 2021, they fed PHOCA with URLs that the cybersecurity community had flagged as phishing. According to the study, 1,220 of the tagged sites used the MitM phishing toolkits. This is a significant jump from the roughly 200 phishing sites using reverse proxies in late 2018 and early 2019.

This popularity may be because most of them are free to download and easy to run, and because there are many tutorials and collaboration suggestions on the hacker forums.
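A defender-side illustration of the cookie theft described above, added here and not part of the original post or of PHOCA: a server-side check that flags a session cookie issued in one client context and later presented from another. The event fields, the sample log and the rule (alert on a changed TLS fingerprint, or on two or more changed attributes) are assumptions made for this example.

```python
from collections import namedtuple

# Constructed sample auth log: session id, event kind, client IP,
# TLS fingerprint label (placeholder values) and User-Agent.
Event = namedtuple("Event", "sid kind ip tls ua")
EVENTS = [
    Event("s1", "issue", "198.51.100.7", "tls-A", "Firefox/115"),
    Event("s1", "use",   "198.51.100.7", "tls-A", "Firefox/115"),
    # Login relayed through a reverse proxy, cookie then replayed elsewhere.
    Event("s2", "issue", "203.0.113.20", "tls-proxy", "Chrome/120"),
    Event("s2", "use",   "192.0.2.44",   "tls-B",     "Chrome/120"),
    # Only the IP changes (e.g. a roaming mobile client): not flagged.
    Event("s3", "issue", "198.51.100.9",  "tls-C", "Safari/17"),
    Event("s3", "use",   "198.51.100.80", "tls-C", "Safari/17"),
    # Cookie presented for a session this server never issued.
    Event("s4", "use",   "192.0.2.99", "tls-D", "curl/8.4"),
]

def find_replayed_sessions(events):
    """Return (sid, reasons) for sessions used outside their issuance context."""
    issued = {}   # sid -> Event recorded when the cookie was issued
    alerts = []
    for ev in events:
        if ev.kind == "issue":
            issued[ev.sid] = ev
            continue
        origin = issued.get(ev.sid)
        if origin is None:
            alerts.append((ev.sid, ["no-issuance-record"]))
            continue
        changed = [f for f in ("ip", "tls", "ua")
                   if getattr(ev, f) != getattr(origin, f)]
        # Assumed rule: a new TLS stack, or two or more changed attributes,
        # means the cookie is no longer in the hands of the original client.
        if "tls" in changed or len(changed) >= 2:
            alerts.append((ev.sid, changed))
    return alerts

if __name__ == "__main__":
    for sid, reasons in find_replayed_sessions(EVENTS):
        print(f"ALERT session={sid} changed={','.join(reasons)}")
```

The check fires only when the stolen cookie is replayed from a different client; traffic that keeps flowing through the same proxy looks unchanged to it.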