There is no doubt that threat actors are becoming more organised, with skilled organisations, not only carrying out attacks, but suppling highly capable hacking tools to less skilled organisations – fo a cut of the illicit profits:
New EvilProxy service lets all hackers use advanced phishing tactics (bleepingcomputer.com)
This one is more worrying for businesses, organisation and individuals who are trying to defend against phishing and social engineering attacks, as it makes it easier and removes a technology barrier to hacking groups wanting to get into phishing – which means more phishing emails.
Add to this that the reverse-proxy attack, that is being provided as a service, is a very technical attack, which promises to bypass security steps we all use, such as MFA, then the threat just increases for us all.
Could your team recognise a phishing email – every time? Are they equipped to recognise it most of the time?
Clive Catton MSc (Cyber Security) – by-line and other articles
Multi-factor authentication (MFA) is also referred to as dual-factor authentication (DFA) and two factor authentication (2FA). All have the same function to securely provide a one time password (OTP), only to the authorised user, so they can get access to a service. Examples of services that implement MFA for added security are; Microsoft 365, Google, WordPress and Amazon among many, many others.
A Quick overview of MFA:
