- Hackers use adaptable phishing kits together with vishing to bypass MFA in real time.
- Victims are profiled, deceived through scam calls and redirected to personalized phishing sites.
- Okta recommends phishing-resistant 2FA and network controls to block these attacks.
Hackers have begun using highly sophisticated and adaptable phishing kits, which complement their vishing attacks by adapting in real time, experts warn.
Okta security researchers have revealed they have “detected and dissected” several custom phishing kits that are currently being used to target Google, Microsoft and Okta accounts, as well as a range of cryptocurrency providers.
The attack begins with the malicious actor profiling the victim and discovering which applications they use and the phone numbers of their IT support. The attacker then deploys a personalized phishing site and calls the victim from a spoofed company or support phone number.
Use phishing-resistant 2FA
In the next steps, they trick the victim into visiting the personalized phishing site and attempting to log in. The credentials are immediately passed to the attacker, who in turn uses them to sign in to the legitimate service. If the attacker is presented with any form of MFA that is not phishing-resistant, they can update the phishing site in real time to prompt the user to complete that step as well.
Okta claims that the quality of the tool and the agility it offers have made vishing, as a type of attack, more popular:
“Once you’re in the driver’s seat of one of these tools, you can immediately understand why we’re seeing higher volumes of voice-based social engineering,” said Moussa Diallo, threat researcher at Okta Threat Intelligence.
“Using these kits, an attacker on the phone with a targeted user can control the authentication flow when that user interacts with credential phishing pages. They can control the pages the target sees in their browser in perfect synchronization with the instructions they provide during the call. The threat actor can use this synchronization to defeat any form of MFA that is not resistant to phishing.”
Defending against these attacks requires deploying phishing-resistant 2FA, Okta emphasized. This may include one of its products or a password, “or both, for the sake of redundancy.” The company also said bad actors become “frustrated” when network zones and tenant access control lists are implemented, because these deny access through the anonymization services the attackers prefer.
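Why the real-time relay described above defeats a one-time code but not phishing-resistant 2FA can be seen in a toy model. This is an added example, not Okta's code or the kit's: the origins, challenge, code and key are constructed, and an HMAC stands in for the authenticator's signature.

```python
import hmac, hashlib, json

# Constructed model: a relayable OTP factor versus an origin-bound
# (WebAuthn-style) factor, both driven through a live phishing page.
LEGIT_ORIGIN = "https://login.example.com"      # assumed legitimate IdP origin
PHISH_ORIGIN = "https://login-example.com"      # assumed look-alike phishing origin
USER_KEY = b"constructed-authenticator-secret"  # stand-in for the authenticator's private key

def otp_login(submitted_code: str, expected_code: str) -> bool:
    """A one-time code is just a string; whoever holds it can submit it."""
    return hmac.compare_digest(submitted_code, expected_code)

def authenticator_sign(challenge: str, origin_seen_by_browser: str) -> dict:
    """The browser binds the origin it is actually on into the signed client data."""
    client_data = json.dumps({"challenge": challenge, "origin": origin_seen_by_browser})
    sig = hmac.new(USER_KEY, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "sig": sig}

def webauthn_login(assertion: dict, challenge: str, rp_origin: str) -> bool:
    """The server checks the signature, the challenge AND that the origin is its own."""
    data = json.loads(assertion["client_data"])
    expected = hmac.new(USER_KEY, assertion["client_data"].encode(), hashlib.sha256).hexdigest()
    return (hmac.compare_digest(expected, assertion["sig"])
            and data["challenge"] == challenge
            and data["origin"] == rp_origin)

def relay_otp() -> bool:
    """Victim types the code on the phishing page; the kit forwards it unchanged."""
    code_issued = "482193"               # constructed code from the victim's device
    code_typed_on_phish_page = code_issued
    return otp_login(code_typed_on_phish_page, code_issued)   # True: relay succeeds

def relay_webauthn() -> bool:
    """Kit forwards the real challenge, but the victim's browser is on the phishing origin."""
    challenge = "c0ffee"                 # constructed challenge from the real IdP
    assertion = authenticator_sign(challenge, PHISH_ORIGIN)
    return webauthn_login(assertion, challenge, LEGIT_ORIGIN)  # False: origin mismatch

def direct_webauthn() -> bool:
    """Same factor used on the legitimate site verifies normally."""
    challenge = "c0ffee"
    return webauthn_login(authenticator_sign(challenge, LEGIT_ORIGIN), challenge, LEGIT_ORIGIN)
```

The origin check is what the page calls phishing resistance: the kit can synchronise pages and prompts, but it cannot make the victim's browser sign for a domain it is not on.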