Cracking MFA: A Dangerous New Phishing Threat

Highlights

* EvilProxy, a phishing-as-a-service kit, enables phishing attacks that bypass MFA security.

* Research shows EvilProxy is responsible for ~1 million attacks per month.

* Combating this threat requires proactive, multi-layered security measures.

Introduction

Multifactor authentication (MFA) has long been the top defense against phishing attempts targeting user credentials.

However, a new threat, EvilProxy, has emerged, capable of bypassing MFA, leaving hoteliers vulnerable to credential theft.

In this week’s feature of the VENZA Echo, we’ll explore how this attack works, how it’s growing in prevalence, and what proactive measures hoteliers can take to safeguard their employees.

Overview

EvilProxy is a phishing-as-a-service (PaaS) kit widely available on the dark web.

It leverages a technique called “adversary-in-the-middle,” where attackers set up a proxy (an intermediary server) between the victim and the legitimate login page, so that users enter their login credentials on a fake website that relays them to the real one. The proxy intercepts sensitive information like session cookies (which track your login status) and the one-time passcodes from MFA, which is what lets the attacker complete a login that MFA alone should have blocked.

Once cybercriminals have a victim’s account, they may expand their phishing attacks across the organisation, and may even add their own MFA method to the compromised account to retain access after the password is changed.
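The two behaviours described above, a stolen session cookie being replayed from the attacker’s network and a new MFA method being registered shortly afterwards, both leave traces in sign-in logs. The following script is an added example (not VENZA’s tooling, and not tied to any vendor’s log schema) that runs two simple detection rules over a handful of constructed JSON sign-in events; the field names, time windows and sample addresses are all assumptions chosen for illustration.

```python
"""Flag two post-compromise signals typical of adversary-in-the-middle phishing:
1. a session cookie issued after an MFA login is reused from a different IP, and
2. a new MFA method is registered soon after that login, from the new IP.
The log format below is constructed for this example (hypothetical schema)."""
import json
from datetime import datetime, timedelta

# Constructed sample events (pseudo-IPs from documentation ranges). Not real data.
SAMPLE_LOG = """
{"ts": "2024-07-01T09:00:00Z", "user": "gm@hotel.example", "event": "login", "ip": "203.0.113.10", "session": "S1", "mfa": true}
{"ts": "2024-07-01T09:01:30Z", "user": "gm@hotel.example", "event": "session_use", "ip": "198.51.100.77", "session": "S1"}
{"ts": "2024-07-01T09:06:00Z", "user": "gm@hotel.example", "event": "mfa_method_added", "ip": "198.51.100.77", "session": "S1", "method": "authenticator_app"}
{"ts": "2024-07-01T10:00:00Z", "user": "fd@hotel.example", "event": "login", "ip": "203.0.113.20", "session": "S2", "mfa": true}
{"ts": "2024-07-01T10:30:00Z", "user": "fd@hotel.example", "event": "session_use", "ip": "203.0.113.20", "session": "S2"}
"""

# Tuning assumptions: a cookie replayed from another network within a working day,
# and an MFA change within half an hour of a login, are both worth an analyst's look.
REPLAY_WINDOW = timedelta(hours=8)
MFA_CHANGE_WINDOW = timedelta(minutes=30)


def parse_log(text):
    """Parse newline-delimited JSON events and return them ordered by timestamp."""
    events = []
    for line in text.strip().splitlines():
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def analyze(events):
    """Return a list of (rule, user, session) alerts for the two AiTM indicators."""
    alerts = []
    issued = {}  # session id -> the login event that created the session
    for event in events:
        if event["event"] == "login":
            issued[event["session"]] = event
            continue
        origin = issued.get(event.get("session"))
        if origin is None:
            continue  # session not seen being issued; out of scope for these rules
        age = event["ts"] - origin["ts"]
        moved_network = event["ip"] != origin["ip"]
        # Rule 1: the same cookie used from a different IP soon after issue.
        if event["event"] == "session_use" and moved_network and age <= REPLAY_WINDOW:
            alerts.append(("session_replay_from_new_ip", event["user"], event["session"]))
        # Rule 2: a new MFA factor enrolled from the new network right after login.
        if event["event"] == "mfa_method_added" and moved_network and age <= MFA_CHANGE_WINDOW:
            alerts.append(("mfa_method_added_after_suspicious_login", event["user"], event["session"]))
    return alerts


if __name__ == "__main__":
    for alert in analyze(parse_log(SAMPLE_LOG)):
        print(*alert)
```

In this constructed data only the first user trips both rules; the second user’s session stays on the same network and produces nothing. Real deployments would key on ASN or geolocation rather than a raw IP, since mobile users change addresses often, and would feed the alerts into the conditional-access policies mentioned later in this article.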

Threat Landscape

(Image credit: Rencora)

EvilProxy’s rapid adoption has fueled a sharp increase in sophisticated phishing attacks. Research shows it now contributes to an estimated 1 million phishing incidents each month.

Though EvilProxy has been on dark web marketplaces since 2022, it is now sold as a low-cost, user-friendly service. The tool can be packaged in custom kits that imitate platforms like Google, Apple, and Microsoft, making it easier for attackers to launch convincing phishing campaigns.

Between March and June 2023, over 120,000 phishing emails were sent using the malicious platform, primarily targeting C-suite executives and key personnel at U.S. organisations. As of July 2024, this threat continues to evolve, with EvilProxy’s creators releasing new guides on using Cloudflare services to enhance their kits.

Hotelier Defense

Although 89% of security professionals believe MFA provides full protection against account takeover, the rise of EvilProxy shows how digital threats have broad evolutionary potential.

Complex attacks demand defenses that are just as multifaceted and robust.

To mitigate the threat of EvilProxy phishing emails, hoteliers should consider these targeted actions:

1. Enhance Employee Training: Regularly train staff to identify phishing emails, especially those mimicking platforms like Microsoft or Google. Encourage employees to avoid clicking on links in unsolicited emails and instead visit the source directly. Provide advanced training for C-suite executives and key personnel, focusing on more sophisticated techniques and risks.

2. Apply Advanced Threat Detection and Response: Deploy email filtering tools to detect and block phishing attempts, isolating potentially harmful sessions triggered by malicious email links.

3. Monitor Activity: Continuously review login attempts and account activity for suspicious behavior. Apply conditional access policies that restrict sensitive account access based on location, device, or risk factors.

4. Utilize FIDO Physical Security Keys: Consider adopting FIDO authentication, which replaces passwords with public key cryptography held in hardware authenticators such as security keys or smartphones. The private key never leaves the device, and the signature it produces is bound to the legitimate site’s origin, so no reusable credential is transmitted over the internet and a proxy sitting on a lookalike domain cannot replay the login.

Conclusion 

EvilProxy’s ability to bypass MFA makes it a serious threat to hoteliers. To protect against current and future phishing attacks, hoteliers must proactively strengthen their security measures using a multi-pronged defense.  

Feeling overwhelmed? Don’t worry. VENZA, the leading experts in hospitality data protection, offers tailored training solutions to match your portfolio’s unique needs.  

Ready to get started? Contact Sales to discuss signing up for our programs or adding new solutions to your contract. 

***

Take VENZA’s free Phishing Test to assess gaps in your human firewall today!

Human Firewall

Training your personnel to recognize and report phishing attempts is essential to protecting your guests and their data. Get started by determining your risk and readiness level using this free tool.

***

Want to stay informed? Subscribe to the free VENZA Echo now. You’ll receive a monthly digest with the highlights of our weekly article series and important product updates and news from VENZA.