MFA is No Silver Bullet
Passwords are the most popular method for securing access to data and devices, but threat actors are adept at stealing those passwords and bypassing password authentication. This has led to the popularity of Multi-Factor Authentication (MFA), which acts as an additional layer of defense against unwanted access. But now MFA is vulnerable to bad actors as well!
Popular MFA systems use SMS text messages or specialized apps to provide a second layer of authentication. When an account logon is attempted (for example, logging in to Google from a new device), an authentication request is sent to the owner of the device or account. The logon can only be completed after the authentication request is accepted. As long as the end user is careful not to accept any unexpected authentication requests, this will, in theory, prevent the attacker from completing a fraudulent logon. Unfortunately, attackers are developing new social engineering techniques for bypassing SMS- and app-based MFA, as exemplified by the recent high-profile breach of Uber’s systems. Malware and Man-in-the-Middle attacks have also been used to bypass authentication, but these attacks have historically been difficult to orchestrate and available to only the most advanced threat actors. Now, a new service has emerged that makes these advanced attacks available to anyone willing to pay.
EvilProxy and PhaaS
Security researchers have previously noted the rise of Malware-as-a-Service and Ransomware-as-a-Service on the dark web.
Previously, carrying out a ransomware or malware attack required significant technical ability. When these services are offered on a rental basis, the barrier to entry is lowered, and the frequency of attacks increases. Now, advertisements on major dark web sites are offering Phishing as a Service (PhaaS). The most concerning of these services is currently EvilProxy, as it incorporates advanced technologies to bypass MFA. The service can be purchased for as little as $150 (2) for a 10-day subscription. Purchasers can generate an attack using a simple point-and-click interface. The service sends custom-tailored phishing emails to victims, and then uses a reverse-proxy method to intercept user names, passwords, and authentication tokens during the logon process. Attackers can target users of Google, Instagram, Twitter, and other major services, and multiple Fortune 500 companies have already fallen victim to EvilProxy attacks.
The Importance of Multi-Layered Defense
The rise of EvilProxy illustrates the importance of a multi-layered defense. The victims of EvilProxy thought they were doing the right thing. They may have been using strong passwords and MFA. In this case, a password manager could have provided an additional layer of protection. For an EvilProxy attack to succeed, the victim must be tricked into logging into their account through a page controlled by the attacker. A password manager would not recognize the attacker’s site, and so would not fill in the user name and password.
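The origin check that lets a password manager refuse an attacker-controlled page, sketched as an added example that is not part of the original article. The vault entry, the function names and every URL are constructed for illustration, and real password managers apply their own matching rules.

```javascript
// Constructed sample vault: one saved login, keyed by the exact origin
// (scheme + host + port) where the credential was stored.
const vault = [
  { origin: "https://accounts.google.com", username: "alice@example.com" },
];

// Return the saved entry only when the page's parsed origin matches exactly.
function credentialFor(pageUrl, entries = vault) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // refuse cleartext pages
  // url.origin comes from the parsed URL, so text that merely looks like
  // the saved host (a prefix, a userinfo part, another port) does not match.
  return entries.find((e) => e.origin === url.origin) || null;
}

// What the user sees: the fields are filled, or they stay empty.
function fillDecision(pageUrl) {
  return credentialFor(pageUrl) ? "fill" : "no-fill";
}

// Constructed page addresses: the real logon page and several look-alikes.
const samples = [
  "https://accounts.google.com/signin",
  "https://accounts.google.com.login-verify.example/signin",
  "https://accounts.google.com@login-verify.example/signin",
  "https://accounts-google.com/signin",
  "http://accounts.google.com/signin",
  "https://accounts.google.com:8443/signin",
];

for (const s of samples) {
  console.log(fillDecision(s).padEnd(8), s);
}
```

An empty logon form on a page that looks right is the signal to stop and check the address bar before typing the password by hand.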
Does your cybersecurity plan include multiple layers of protection? Are you protected against today’s advanced cyber-threats?
CISO Cyber Advantage has a team of experienced professionals that can answer these questions and ensure your business is protected from the latest security concerns.