Hacking Tool Bypassing Multi-Factor Authentication

Cybersecurity firm Radius Technologies is sounding the alarm for small businesses over phishing scams using a new tool to bypass security measures. The Cork-based company says EvilProxy has been used by cybercriminals all over the world in recent months to compromise email accounts.

It’s of particular concern because EvilProxy bypasses most forms of multi-factor authentication, which is the primary defence used by many organisations against their accounts being compromised. It’s also a more powerful and user-friendly hacking tool than previous methods of its kind.

Director of Radius Technologies Kevin O’Regan says the people behind EvilProxy have gone to great lengths to help more hackers use their system: “Much like any legitimate platform, it’s easy to set up, offers training and instructional videos, has a user-friendly interface and a library of assets to help fool people into thinking they’re dealing with trustworthy internet resources”.

Experts refer to EvilProxy as an adversary-in-the-middle (AiTM) attack framework. It is offered to cybercriminals on the dark web as a cheap, easy-to-use service.

Once it is downloaded, threat actors deploy EvilProxy to craft phishing emails that link users to websites that look just like the legitimate sign-in pages for services like Google Workspace and Microsoft 365.

These sites then redirect the user to the legitimate login sites, allowing the attackers to see and collect user credentials and valid session cookies, and effectively sit in the middle of the multi-factor authentication process. With a valid session cookie in hand, the attackers can then repeatedly access accounts without the need to log in again.
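Because a captured session cookie is reused without a fresh login, one signal a tech team can look for is a session that suddenly appears from a different network or browser than the one that completed MFA. The following is an added example, not code from Radius Technologies or any vendor; the event schema, field names and sample events are constructed for illustration, and the /24 comparison is an assumed heuristic.

```python
import ipaddress

# Constructed sample events in a hypothetical schema (not a real provider's log format).
FIELDS = ("ts", "user", "session", "event", "ip", "ua")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    (1, "amy@example.com", "s-100", "mfa_signin",  "198.51.100.7",   "Firefox/121 Windows"),
    (2, "amy@example.com", "s-100", "session_use", "198.51.100.7",   "Firefox/121 Windows"),
    (3, "amy@example.com", "s-100", "session_use", "203.0.113.50",   "Chrome/120 Linux"),
    (4, "amy@example.com", "s-100", "session_use", "203.0.113.50",   "Chrome/120 Linux"),
    (5, "bob@example.com", "s-200", "mfa_signin",  "192.0.2.10",     "Safari/17 macOS"),
    (6, "bob@example.com", "s-200", "session_use", "192.0.2.99",     "Safari/17 macOS"),
    (7, "bob@example.com", "s-200", "session_use", "198.51.100.200", "Safari/17 macOS"),
    (8, "cat@example.com", "s-300", "session_use", "203.0.113.9",    "Edge/120 Windows"),
]]

def network(ip, prefix=24):
    # Compare networks rather than single addresses so small DHCP changes are ignored.
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_replayed_sessions(events):
    """Flag sessions used from a context that differs from the one that passed MFA."""
    origin, alerts, seen = {}, [], set()
    for e in sorted(events, key=lambda ev: ev["ts"]):
        sid = e["session"]
        if e["event"] == "mfa_signin":
            origin[sid] = e            # remember where MFA was completed
            continue
        base = origin.get(sid)
        if base is None:
            reason = "no_signin_seen"  # session in use, but no MFA sign-in in the logs
        else:
            new_net = network(e["ip"]) != network(base["ip"])
            new_ua = e["ua"] != base["ua"]
            if new_net and new_ua:
                reason = "new_network_and_client"  # strongest replay signal
            elif new_net:
                reason = "new_network"             # may be roaming: review
            else:
                continue                           # same network: no alert
        key = (sid, e["ip"], e["ua"])
        if key in seen:
            continue                               # one alert per new context
        seen.add(key)
        alerts.append({"user": e["user"], "session": sid, "ip": e["ip"], "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```

An alert of this kind is a prompt to revoke the session and reset credentials, not proof of compromise on its own, since VPNs and mobile networks also change a user's address.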

Kevin O’Regan says it’s time for SMEs to go further than basic Multi-Factor Authentication: “Sometimes small businesses think they’re not big enough for hackers to bother with, but we’ve seen the impact these incidents have on big and small organisations. Hackers don’t care who they attack, they just want money or your data. The first step towards protecting your business and data is always up-to-date training for your teams so they can spot any unusual email activity or website addresses and raise the alarm. Your tech team can also strengthen your authentication strategy. It can be a painstaking process but if the alternative is being more vulnerable to attack, then it’s worth every moment”.