- Hackers use adaptive phishing kits alongside vishing to bypass MFA in real time.
- Victims are profiled, tricked through fake calls, and redirected to personalized phishing sites.
- Okta urges phishing-resistant 2FA and network controls to block these attacks.
Hackers have begun using highly sophisticated, adaptive phishing kits, which complement their vishing attacks by adapting in real time, experts have warned.
Okta security researchers revealed that they “detected and analyzed” multiple custom phishing kits currently being used to target people’s Google, Microsoft, and Okta accounts, as well as a variety of cryptocurrency providers.
The attack begins when the threat actor profiles the victim, learning about the applications and IT support phone numbers they use. They then deploy a custom phishing site and call victims through a spoofed company or support phone number.
Using phishing-resistant 2FA
In the next steps, they trick the victim into visiting the spear-phishing site and trying to log in. The credentials are immediately transmitted to the attacker, who in turn uses them to log in to the legitimate service. If the legitimate service presents any type of MFA that is not phishing-resistant, the attacker updates the phishing site in real time to prompt the user to complete that step as well.
Okta says that the quality of the tool and the agility it provides made vishing, as a type of attack, more popular:
“Once you get in control of one of these tools, you can immediately see why we’re seeing higher volumes of voice-based social engineering,” said Moussa Diallo, threat researcher at Okta Threat Intelligence.
“Using these kits, an attacker on a target user’s phone can control the authentication flow as that user interacts with credential phishing pages. They can control which pages the target sees in their browser in perfect sync with the instructions they are providing in the call. The threat actor can use this synchronization to defeat any form of MFA that is not phishing-resistant.”
Defending against these attacks requires implementing phishing-resistant 2FA, Okta emphasized. That may include one of its own products or an access key, “or both, for redundancy reasons.” The company also said that threat actors become “frustrated” when network zones and tenant access control lists are set up, as these deny access from the anonymizing services they prefer.
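The reason phishing-resistant 2FA defeats this real-time relay is that the second factor is bound to the origin the user's browser is actually on, whereas a one-time code is not. The following added example (not from Okta or the article) simulates both cases with constructed values: a relayed TOTP code verifies fine at the relying party, while a WebAuthn-style assertion signed over a lookalike origin is rejected. The HMAC-based "signature" is a stand-in for the authenticator's asymmetric signature.

```python
import hashlib, hmac, json, os, struct, time

# Constructed demo origins; no real hosts are involved.
RP_ORIGIN = "https://login.example.test"
PHISH_ORIGIN = "https://login.exarnple.test"  # lookalike domain, constructed

def totp(secret: bytes, t: int, step: int = 30) -> str:
    """RFC 6238-style 6-digit code. It carries no information about where it was typed."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10**6
    return f"{code:06d}"

def rp_verify_totp(secret: bytes, code: str, t: int) -> bool:
    # The relying party only sees the code: one phished on a fake page and
    # relayed by the attacker is indistinguishable from one typed on the real site.
    return hmac.compare_digest(totp(secret, t), code)

def authenticator_sign(key: bytes, challenge: bytes, origin_seen: str) -> dict:
    """Stand-in for a WebAuthn authenticator. The browser, not the user, fills in
    the origin it is really on, and that origin is covered by the signature."""
    client_data = json.dumps({"challenge": challenge.hex(), "origin": origin_seen}).encode()
    sig = hmac.new(key, client_data, hashlib.sha256).digest()  # stand-in for an asymmetric signature
    return {"client_data": client_data, "sig": sig}

def rp_verify_webauthn(key: bytes, challenge: bytes, assertion: dict) -> bool:
    """Relying party: the signature must verify AND the signed origin must be ours."""
    cd = json.loads(assertion["client_data"])
    expected = hmac.new(key, assertion["client_data"], hashlib.sha256).digest()
    sig_ok = hmac.compare_digest(expected, assertion["sig"])
    return sig_ok and cd["origin"] == RP_ORIGIN and cd["challenge"] == challenge.hex()

def relay_demo() -> dict:
    """Run both factors through a simulated real-time relay and report what the RP accepts."""
    totp_secret, fido_key = os.urandom(20), os.urandom(32)
    now = int(time.time())
    # Victim types the TOTP code on the phishing page; the attacker forwards it unchanged.
    totp_relay_accepted = rp_verify_totp(totp_secret, totp(totp_secret, now), now)
    # The RP's challenge is forwarded to the victim's browser, but that browser signs
    # over the lookalike origin it is actually visiting, so the RP rejects it.
    challenge = os.urandom(32)
    fido_relay_accepted = rp_verify_webauthn(fido_key, challenge, authenticator_sign(fido_key, challenge, PHISH_ORIGIN))
    fido_legit_accepted = rp_verify_webauthn(fido_key, challenge, authenticator_sign(fido_key, challenge, RP_ORIGIN))
    return {"totp_relay_accepted": totp_relay_accepted,
            "fido_relay_accepted": fido_relay_accepted,
            "fido_legit_accepted": fido_legit_accepted}
```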