
Threat Actors Use AiTM Attacks with Reverse Proxies to Bypass MFA


Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging reverse proxies to intercept sensitive data.

As phishing tactics grow more advanced, traditional defenses like spam filters and user training are proving insufficient.

Attackers deploy reverse proxies as intermediary servers to forward victim traffic to legitimate websites, creating an illusion of authenticity.

This setup allows them to capture usernames, passwords, and authentication cookies during the MFA process, effectively bypassing additional security layers.

The legitimate appearance of the targeted site, coupled with the correct functionality, often deceives users, with the only giveaway being a subtle discrepancy in the browser’s address bar.

Flow diagram illustrating MFA bypass using a reverse proxy
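
Because the stolen authentication cookie is later used from a client other than the one that completed MFA, one defender-side check is to look for a session that changes both IP address and user agent shortly after MFA. The following is an added example, not part of the original article; the log field names, the one-hour window and the sample events are assumptions constructed for illustration.

```python
# Added example: flag session cookies seen from a second client soon after MFA.
# Event fields and the sample log are assumptions, not a real product schema.
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int            # seconds since epoch
    session_id: str    # opaque identifier of the issued session cookie
    user: str
    action: str        # "mfa_success" or "request"
    ip: str
    user_agent: str

# Constructed sample log (documentation IP ranges), not real data.
SAMPLE_EVENTS = [
    Event(1000, "s-alice", "alice", "mfa_success", "198.51.100.7", "Mozilla/5.0 (X11; Linux)"),
    Event(1060, "s-alice", "alice", "request", "198.51.100.7", "Mozilla/5.0 (X11; Linux)"),
    Event(2000, "s-bob", "bob", "mfa_success", "203.0.113.50", "Mozilla/5.0 (Windows NT 10.0)"),
    Event(2090, "s-bob", "bob", "request", "192.0.2.44", "Mozilla/5.0 (Macintosh)"),
    Event(2100, "s-bob", "bob", "request", "203.0.113.50", "Mozilla/5.0 (Windows NT 10.0)"),
]

def find_replayed_sessions(events, window=3600):
    """Return one alert per session used from a new IP *and* user agent
    within `window` seconds of the MFA event that created it."""
    origin = {}      # session_id -> Event that completed MFA
    flagged = set()  # sessions already reported
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "mfa_success":
            origin[ev.session_id] = ev
            continue
        first = origin.get(ev.session_id)
        if first is None or ev.session_id in flagged:
            continue
        # Requiring both to differ cuts noise from ordinary network changes
        # (e.g. Wi-Fi to mobile), which alter the IP but not the browser.
        moved = ev.ip != first.ip and ev.user_agent != first.user_agent
        if moved and ev.ts - first.ts <= window:
            flagged.add(ev.session_id)
            alerts.append({"user": ev.user, "session_id": ev.session_id,
                           "mfa_ip": first.ip, "other_ip": ev.ip,
                           "seconds_after_mfa": ev.ts - first.ts})
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```

The check cannot tell which of the two clients is the legitimate one, so an alert is a prompt to revoke the session and require re-authentication rather than a verdict.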

Phishing-as-a-Service Kits Lower the Barrier for Attackers

The proliferation of Phishing-as-a-Service (PhaaS) toolkits such as Tycoon 2FA and EvilProxy has democratized these sophisticated attacks, enabling even novices to execute MFA bypass campaigns.

These kits come equipped with ...


Copyright of this story solely belongs to gbhackers.