In this blog, we will answer how your organisation can defend against Evil Proxy – as well as Man in the Middle attacks more generally.
In recent months, there have been a number of articles and posts around the rise of a new Phishing as a Service platform known as ‘Evil Proxy’. Many of these articles discuss how the platform allows criminals to ‘easily’ bypass Two Factor Authentication (2FA) and predict that low-skill attackers will drive significant uptake of the tool. While there has been discussion on what the tool it and how it is being used, little has been said on how organisations should counteract it.
What is Evil Proxy?
In short, Evil Proxy is a service-based offering allowing “anyone” (providing you pass the bad guy vetting process) access to a web-based platform to launch and manage Man in the Middle (MiTM) phishing campaigns.
These phishing techniques are not new and have been used to great effect by threat actors and red teams alike for years. Historically, these techniques weren’t used frequently given that the majority of organisations still hadn’t fully rolled out Multifactor Authentication (MFA). However, the growing proliferation of MFA support across most products and services has forced attackers and red teams to utilise these methods more frequently. Today, they are used as standard.
Below is a simplified diagram of a standard attack process.
What is Evil Proxy?
In short, Evil Proxy is a service-based offering allowing “anyone” (providing you pass the bad guy vetting process) access to a web-based platform to launch and manage Man in the Middle (MiTM) phishing campaigns.
These phishing techniques are not new and have been used to great effect by threat actors and red teams alike for years. Historically, these techniques weren’t used frequently given that the majority of organisations still hadn’t fully rolled out Multifactor Authentication (MFA). However, the growing proliferation of MFA support across most products and services has forced attackers and red teams to utilise these methods more frequently. Today, they are used as standard.
Below is a simplified diagram of a standard attack process.
Additional Reading
- https://www.netskope.com/blog/multi-factor-authentication-mfa-bypass-through-man-in-the-middle-phishing-attacks
- https://www.bleepingcomputer.com/news/security/new-evilproxy-service-lets-all-hackers-use-advanced-phishing-tactics/
- https://thehackernews.com/2022/09/new-evilproxy-phishing-service-allowing.html
- https://github.com/kgretzky/evilginx2
- https://github.com/drk1wi/Modlishka
- https://breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/