- Hackers use adaptable phishing kits with vishing to bypass MFA in real time
- Victims are profiled, tricked via spoofed calls, and redirected to customized phishing sites
- Okta urges phishing-resistant 2FA and network controls to block these attacks
Hackers have started using highly sophisticated, adaptable phishing kits, which complement their vishing attacks by adapting in real time, experts have warned.
Security researchers from Okta revealed they “detected and dissected” multiple custom phishing kits which are currently being used to target people’s Google, Microsoft, and Okta accounts, as well as a range of cryptocurrency providers.
The attack starts with the threat actor profiling the victim, learning about the apps, and the IT support phone numbers they use. Then, they deploy a customized phishing site and call the victims via a spoofed company or support phone number.
Using phishing-resistant 2FA
In the next steps, they trick the victim into visiting the customized phishing site and trying to log in. The credentials are immediately relayed to the attacker who, in turn, uses the data to log into the legitimate service. If they are presented with any form of MFA (non-phishing resistant), they can update the phishing site, in real time, to prompt the user to complete the process.
Okta says the quality of the tool and the agility it provides made vishing, as an attack type, more popular:
“Once you get into the driver’s seat of one of these tools, you can immediately see why we are observing higher volumes of voice-based social engineering,” said Moussa Diallo, threat researcher at Okta Threat Intelligence.
“Using these kits, an attacker on the phone to a targeted user can control the authentication flow as that user interacts with credential phishing pages. They can control what pages the target sees in their browser in perfect synchronization with the instructions they are providing on the call. The threat actor can use this synchronization to defeat any form of MFA that is not phishing-resistant.”
Defending against these attacks requires deploying phishing resistant 2FA, Okta stressed. That can include one of its products, or a passkey. “Or both, for the sake of redundancy”. The company also said that threat actors are “frustrated” when network zones and tenant access control lists are set up, since they deny access via the anonymizing services that they prefer.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
