Researchers have discovered a dangerous tool at the intersection of Phishing-as-a-Service and MFA: a service sold on the dark web that lets criminal hackers bypass MFA (multi-factor authentication). As a result, hackers can break into organizations’ systems far more easily and quickly than in the past.
What is this dangerous Phishing app?
The application in question is called “EvilProxy” and is available on a monthly subscription of up to about 395 euros. It is the latest in a series of PhaaS (phishing-as-a-service) models that allow criminals to target organizations through automated means.
Unlike traditional phishing, where the attacker has to build pretexts and exploit vulnerabilities by hand, the service saves criminals considerable time by automating that work.
As a result, this Phishing-as-a-Service offering makes cybercrime easier still, because it can bypass MFA.
Consequently, such attacks have become far more dangerous.
The discovery of EvilProxy coincided with a report from the cloud security company Mitiga, which found that cybercriminals were combining phishing with AitM (Adversary in the Middle) techniques in order to bypass MFA.
This phishing campaign targets the cloud-based Office 365 accounts of executives: the fraudsters carry on lengthy correspondence with business executives, and during that contact the scammer requests payment of an outstanding invoice and supplies doctored account details.
What is Adversary in the middle?
Adversary in the Middle is a relatively new type of phishing that takes its cues from the established MitM (man-in-the-middle) attack technique.
Mitiga’s investigation found that the attackers were sending emails impersonating DocuSign. When users clicked, they would go to a Microsoft 365 login page.
Then, by entering their credentials, the user unwittingly handed them to the attackers.
This is the basis of a traditional phishing scam, but the attack has a second layer: the scammers run a proxy server that sits between the victim’s browser and the real Microsoft server.
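Because the proxy relays the victim’s credentials and MFA response to the real service, what the attacker ends up holding is the authenticated session, which is then reused from the attacker’s own infrastructure. One defensive signal for that is a session that was established with MFA from one address and browser and is then used, minutes later, from a different one. The script below is an added example, not code from the article or from Mitiga’s report; the sign-in log format, field names (`session`, `ip`, `ua`, `mfa`, `kind`) and the sample records are all constructed for illustration and would need to be mapped onto a real identity provider’s sign-in schema.

```python
"""Flag AitM-style session replay in sign-in telemetry.

Added example, not from the article or Mitiga's report. The JSON-lines
format, the field names and the sample records are constructed; adapt
parse_log() to the sign-in schema your identity provider actually emits.
"""
import json
from datetime import datetime, timedelta

# Constructed sample records. Session s-1001 is an MFA sign-in by the user
# followed four minutes later by the same session being used from a different
# IP and a different browser: the pattern a reverse-proxy phishing kit leaves
# when the captured session is replayed from attacker infrastructure.
# s-1002 changes IP only (a user roaming networks looks like this too).
# s-1003 is a normal session reused from the same client.
SAMPLE_LOG = """
{"ts": "2022-09-05T09:00:00Z", "user": "cfo@example.com", "session": "s-1001", "ip": "203.0.113.10", "ua": "Chrome/105", "mfa": true, "kind": "interactive"}
{"ts": "2022-09-05T09:04:30Z", "user": "cfo@example.com", "session": "s-1001", "ip": "198.51.100.77", "ua": "Firefox/104", "mfa": false, "kind": "non-interactive"}
{"ts": "2022-09-05T09:10:00Z", "user": "analyst@example.com", "session": "s-1002", "ip": "192.0.2.5", "ua": "Safari/15", "mfa": true, "kind": "interactive"}
{"ts": "2022-09-05T09:12:00Z", "user": "analyst@example.com", "session": "s-1002", "ip": "192.0.2.9", "ua": "Safari/15", "mfa": false, "kind": "non-interactive"}
{"ts": "2022-09-05T10:00:00Z", "user": "admin@example.com", "session": "s-1003", "ip": "203.0.113.20", "ua": "Chrome/105", "mfa": true, "kind": "interactive"}
{"ts": "2022-09-05T10:30:00Z", "user": "admin@example.com", "session": "s-1003", "ip": "203.0.113.20", "ua": "Chrome/105", "mfa": false, "kind": "non-interactive"}
"""

# How long after the MFA sign-in a client change is still treated as suspicious.
REPLAY_WINDOW = timedelta(hours=1)


def parse_log(text):
    """Parse JSON-lines sign-in records; timestamps become datetime objects."""
    records = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def find_session_replays(records, window=REPLAY_WINDOW):
    """Return alerts for sessions used from a different client soon after sign-in.

    The first event of each session is the reference client. A later event
    within `window` from a different IP *and* user agent is rated "high";
    a different IP with the same user agent is rated "medium", since
    legitimate network roaming produces that pattern as well.
    """
    by_session = {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        by_session.setdefault(rec["session"], []).append(rec)

    alerts = []
    for session, events in by_session.items():
        origin = events[0]
        for ev in events[1:]:
            if ev["ts"] - origin["ts"] > window:
                break  # events are time-ordered; nothing later is in the window
            ip_changed = ev["ip"] != origin["ip"]
            ua_changed = ev["ua"] != origin["ua"]
            if not ip_changed:
                continue
            alerts.append({
                "user": origin["user"],
                "session": session,
                "severity": "high" if ua_changed else "medium",
                "first_ip": origin["ip"],
                "replay_ip": ev["ip"],
                "seconds_after_signin": int((ev["ts"] - origin["ts"]).total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_replays(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the constructed data this reports `s-1001` as high severity and `s-1002` as medium, and stays quiet on `s-1003`. The medium tier exists because IP churn alone is common for mobile users; the actionable step is to tie the alert back to the interactive MFA sign-in and confirm with the user, then revoke the session. Phishing-resistant authenticators (FIDO2/WebAuthn) bind the credential to the genuine origin, so a login page served through an intermediary proxy cannot complete the challenge in the first place.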