What’s the news?
Threat actors have been found using phish kits that leverage a transparent reverse proxy (TRP), which enables them to man-in-the-middle (MitM) a browser session and steal credentials and session cookies in real time.
What’s the threat and why is it effective?
Man-in-the-middle (MitM) style attacks have been around for a while, but seeing them now used as part of phishing kits demonstrates the adaptability of cybercriminals.
This phishing-kit approach is a cheap, simple but effective way for attackers to harvest information such as people’s credentials and to bypass MFA. With TRP kits, you lose the visual indicators that show you’re on a fake website, because the real one is being used while your information is captured through the attacker’s proxy.
Unlike conventional phishing attacks, where you can typically see red flags in the fake website the attacker is using, such as a strange-looking URL or poor design, these attacks make it extremely difficult for an end user to determine whether they’re being phished. Even someone who knows what to look for could easily fall victim.
What can be done to prevent it?
To prevent people from falling for these types of attacks, organizations must have multi-factor authentication and password managers in place to maximize password protection. Also, I highly recommend using VPNs to mitigate this kind of threat. VPNs encrypt the traffic, so if you do have a man in the middle, the bad actors are not able to see the sensitive information and data they are desperately looking for.
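A password manager helps against a proxied page that looks identical to the real one because it decides whether to fill a credential from the page's origin, not from its appearance. The sketch below is an added example, not code from any particular password manager; it assumes strict exact-origin matching (real products may match on the registrable domain instead), and the function names and hostnames are constructed for illustration.

```javascript
// Added illustration: origin-bound autofill decision.
// All hostnames are constructed samples on reserved example/test domains.

function parseOrigin(value) {
  try {
    const u = new URL(value);
    return { scheme: u.protocol, host: u.hostname, origin: u.origin };
  } catch {
    return null; // not a parseable absolute URL
  }
}

// Decide whether a credential saved for `savedOrigin` may be filled on `pageUrl`.
// Page content is never consulted: a pixel-perfect proxied page still fails here.
function autofillDecision(savedOrigin, pageUrl) {
  const saved = parseOrigin(savedOrigin);
  const page = parseOrigin(pageUrl);
  if (!saved || !page) return { fill: false, reason: "unparseable-url" };
  if (page.scheme !== "https:") return { fill: false, reason: "not-https" };
  // Origin = scheme + host + port, so a different port is also a mismatch.
  if (page.origin === saved.origin) return { fill: true, reason: "origin-match" };
  // Refusals below carry a reason that can drive a user-facing warning.
  if (page.host.startsWith(saved.host + "."))
    return { fill: false, reason: "saved-host-used-as-prefix" };
  return { fill: false, reason: "origin-mismatch" };
}

const SAVED = "https://login.example.com"; // origin stored with the credential
const SAMPLES = [
  "https://login.example.com/signin",            // the real site
  "https://login.example.com.proxy.test/signin", // real host as leading labels
  "https://login-example.test/signin",           // lookalike host
  "https://login.example.com:8443/signin",       // same host, different port
  "http://login.example.com/signin",             // downgraded scheme
  "login.example.com/signin",                    // no scheme: not a URL
];

function evaluateSamples() {
  return SAMPLES.map((url) => ({ url, ...autofillDecision(SAVED, url) }));
}

for (const r of evaluateSamples()) {
  console.log(`${r.fill ? "FILL  " : "REFUSE"} ${r.reason.padEnd(26)} ${r.url}`);
}
```

A refusal to autofill on a page that looks like a familiar login screen is itself a signal worth surfacing to the user or reporting to the security team.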