At Kinetics, we’ve always emphasized the importance of multi-factor authentication (MFA) as a critical layer in cybersecurity. Without MFA, it’s only a matter of time before you fall victim to a cyber attack.
However, as we’ve also mentioned, no single defense is enough. Cybersecurity needs to be layered, and that includes MFA.
Without MFA, you WILL get hacked – it is only a matter of time.
But MFA by itself is not enough.
Recently, cybercriminals have been using a platform called “Tycoon 2FA phishing-as-a-service” to target Microsoft 365 and Gmail accounts, bypassing two-factor authentication. This platform is similar to early hacks like “Dadsec,” indicating code-sharing among the hacker community.
The latest version of Tycoon 2FA, released in 2024, shows a continuous effort to improve its stealth capabilities. It leverages 1,100 domains and has been identified in numerous phishing attacks. These attacks typically follow a multi-step process:
- Attackers distribute malicious links via emails with embedded URLs or QR codes, tricking victims into accessing phishing pages.
- A security challenge filters out bots, allowing only human interactions to proceed to the deceptive phishing site.
- Background scripts extract the victim’s email from the URL to customize the phishing attack.
- Users are quietly redirected to another part of the phishing site, moving them closer to the fake login page. This presents a fake Microsoft or Google login page to steal credentials.
- The kit mimics a 2FA challenge, intercepting the 2FA token or response to bypass security measures.
- Finally, victims are directed to a legitimate-looking page, obscuring the phishing attack’s success.
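The third step above gives defenders something to look for: a link that already carries the recipient's own address before the page has even loaded. The following added example (not code from Kinetics or from the kit) flags such links in an inbound message; the function names, the recipient, and the sample URLs are constructed for illustration, and because legitimate mailers also embed addresses in links, a hit is a signal to weigh alongside others rather than a verdict.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, unquote

# Runs of URL-safe/standard base64 characters. "/" is left out so path
# separators do not glue segments together (tokens containing "/" are missed).
TOKEN_RE = re.compile(r"[A-Za-z0-9+_-]{8,}")


def _decoded_tokens(text):
    """Yield the decoded text of every token in `text` that is valid base64."""
    for tok in TOKEN_RE.findall(text):
        padded = tok + "=" * (-len(tok) % 4)
        std = padded.replace("-", "+").replace("_", "/")
        try:
            yield base64.b64decode(std, validate=True).decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            continue


def recipient_in_url(url, recipient):
    """Return 'plain', 'base64' or None for how `recipient` appears in `url`."""
    target = recipient.strip().lower()
    parts = urlsplit(url)
    # Assumption: only path, query and fragment are inspected, not the host.
    tail = unquote("/".join((parts.path, parts.query, parts.fragment)))
    if target in tail.lower():
        return "plain"
    if any(target in text.lower() for text in _decoded_tokens(tail)):
        return "base64"
    return None


def scan_links(links, recipient):
    """Return (url, finding) pairs for links that carry the recipient's address."""
    hits = ((u, recipient_in_url(u, recipient)) for u in links)
    return [(u, f) for u, f in hits if f]


# Constructed sample: recipient and links are made up for this example.
RECIPIENT = "alice@example.com"
ENCODED = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
SAMPLE_LINKS = [
    "https://portal.example/docs/quarterly-report-2024",
    "https://files.example/view?e=" + ENCODED,
    "https://files.example/open#alice%40example.com",
]
```

Calling `scan_links(SAMPLE_LINKS, RECIPIENT)` returns the second and third sample links, tagged `base64` and `plain` respectively.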
At Kinetics, our KARE Foundation defends you with DNS scrubbing, a browser extension, and geo-blocking, among other tools, to protect your organization from these types of attacks. Stay vigilant and stay protected with Kinetics.
Read more:
https://www.bleepingcomputer.com/ne…ing-kit-targets-microsoft-365-gmail-accounts/
https://blog.sekoia.io/tycoon-2fa-a…-the-latest-version-of-the-aitm-phishing-kit/