At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    New EvilProxy service lets all hackers use advanced phishing tactics

    A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI.

    The service enables low-skill threat actors who don’t know how to set up reverse proxies to steal online accounts that are otherwise well-protected.

    Reverse proxies are servers that sit between the targeted victim and a legitimate authentication endpoint, such as a company’s login form. When the victim connects to a phishing page, the reverse proxy displays the legitimate login form, forwards requests, and returns responses from the company’s website.

    When the victim enters their credentials and MFA to the phishing page, they are forwarded to the actual platform’s server, where the user is logged in, and a session cookie is returned. 

    However, as the threat actor’s proxy sits in the middle, it can also steal the session cookie containing the authentication token. The threat actors can then use this authentication cookie to log in to the site as the user, bypassing configured multi-factor authentication protections.

    Sophisticated APT groups have been employing reverse proxies for a while now to bypass MFA protections on target accounts, some using their own custom tools while others using more readily-deployable kits like Modlishka, Necrobrowser, and Evilginx2.

    The difference between these phishing frameworks and EvilProxy is that the latter is far simpler to deploy, offers detailed instructional videos and tutorials, a user-friendly graphical interface, and a rich selection of cloned phishing pages for popular internet services. As MFA adoption continues to increase, more threat actors turn to reverse-proxy tools, and the appearance of a platform that automates everything for the crooks isn’t good news for security professionals and network admins.

    For now, this problem remains addressable only by implementing client-side TLS fingerprinting to identify and filter out man-in-the-middle requests. However, the status of this implementation in the industry isn’t in sync with the developments. Hence, platforms like EvilProxy essentially bridge the skill gap and offer low-tier threat actors a cost-efficient way to steal valuable accounts.

    With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/new-evilproxy-service-lets-all-hackers-use-advanced-phishing-tactics/

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry
    Go Phishing Now!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top