According to Proofpoint, threat actors will continue to evolve their tactics to bypass user defenses in 2022, with multi-factor authentication (MFA) bypass kits accounting for millions of phishing messages.
While off-the-shelf toolkits have contributed to the prevalence of phishing against cybercrime gangs over the last few years, specialized tools dedicated to MFA bypasses are relatively new, according to a new report from Proofpoint. increase. Human Factors 2023.
For more information on MFA bypass, see 2022 Phone Attacks and Phishing with MFA Bypass.
Proofpoint highlighted that three popular toolkits will be particularly prolific in 2022: EvilProxy, Evilginx2, and NakedPages.
EvilProxy is an advanced phishing-as-a-service platform, while Evilginx2 is a red team tool that enables reverse proxy attacks against MFA. NakedPages is a ready-made phishing kit that also uses reverse proxy technology.
“MFA is still an essential part of defense in depth, and enabling MFA remains a best practice,” said Proofpoint. “However, the increase in these techniques should sound a loud alarm: Left unchecked, attackers can steal everything, even MFA tokens.”
The report also notes that telephonic delivery of attacks (TOAD) threats are also on the rise, reaching more than 13 million per month in 2022.
This new threat usually begins with a phishing message, such as a bogus invoice, urging the recipient to call a phone helpline. By doing so, they are contacting call centers run by fraudsters directly instead of legitimate call centers.
Upon answering the phone, the victim could be tricked into installing malware or being granted access to their machine by call center personnel.
Proofpoint highlighted BazaCall as a particularly prolific early victim of the TOAD threat, luring victims with lures such as fake movie streaming sites and unannounced Justin Bieber tours. This group typically tries to trick victims over the phone into downloading the now-defunct BazaLoader malware.
Proofpoint argued that the sheer number of TOAD threat detections in the millions each month indicates that TOAD threats are being adopted by more and less sophisticated groups.
Elsewhere, Proofpoint detects a 12x increase in “conversational” scams such as romance scams, fake job ads and pig butcher crypto scams, making it the fastest growing threat in the mobile space It has become.
