Cybereason warns that the Tycoon 2FA phishing kit continues to receive upgrades, allowing unskilled cybercriminals to launch sophisticated social engineering attacks. The platform is known for its ability to bypass multi-factor authentication measures.
“The Tycoon 2FA phishing kit is a sophisticated Phishing-as-a-Service (PhaaS) platform that emerged in August 2023, designed to bypass two-factor authentication (2FA) and multi-factor authentication (MFA) protections, primarily targeting Microsoft 365 and Gmail accounts,” Cybereason says.
“Utilizing an Adversary-in-the-Middle (AiTM) approach, it employs a reverse proxy server to host deceptive phishing pages that mimic legitimate login interfaces, capturing user credentials and session cookies in real-time. According to the Any.run malware trends tracker, Tycoon 2FA leads with over 64,000 reported incidents this year.”
Notably, the phishing kit can modify its approach based on error messages received during login attempts.
“A particularly advanced feature of the Tycoon 2FA campaign is its ability to understand an organization’s specific security policies,” the researchers write. “By analyzing error messages from the login process, the phishing kit can tailor its attacks to create highly targeted campaigns, increasing its chances of successfully stealing credentials.”
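A defensive sketch of how a session cookie captured by an AiTM proxy, as described above, can surface in sign-in telemetry: the same session identifier is later presented by a second client fingerprint. This is an added example, not code from Cybereason or from this article's author; the event schema, the sample records and the `find_session_reuse` helper are constructed for illustration and do not match any specific identity provider's log format.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real telemetry).
# Assumed schema: timestamp, user, session id, source IP, user agent.
SAMPLE_EVENTS = [
    ("2025-01-10T09:00:05", "alice@example.com", "sess-A1", "198.51.100.7", "Chrome/131 Windows"),
    ("2025-01-10T09:04:40", "alice@example.com", "sess-A1", "203.0.113.99", "Firefox/133 Linux"),
    ("2025-01-10T09:10:00", "bob@example.com", "sess-B2", "192.0.2.20", "Safari/18 iOS"),
    ("2025-01-10T09:25:00", "bob@example.com", "sess-B2", "192.0.2.21", "Safari/18 iOS"),
    ("2025-01-10T09:30:00", "carol@example.com", "sess-C3", "192.0.2.50", "Edge/131 Windows"),
    ("2025-01-10T11:30:00", "carol@example.com", "sess-C3", "192.0.2.50", "Edge/131 Windows"),
]

def find_session_reuse(events):
    """Flag sessions whose cookie is presented by a client that differs
    from the one that first used it (possible replay of a stolen cookie)."""
    by_session = defaultdict(list)
    for ts, user, sid, ip, ua in events:
        by_session[sid].append((datetime.fromisoformat(ts), user, ip, ua))

    findings = []
    for sid, rows in by_session.items():
        rows.sort()  # chronological order; first row is the baseline client
        first_ts, user, first_ip, first_ua = rows[0]
        for ts, _, ip, ua in rows[1:]:
            ip_changed, ua_changed = ip != first_ip, ua != first_ua
            if not (ip_changed or ua_changed):
                continue
            findings.append({
                "session": sid,
                "user": user,
                "baseline": (first_ip, first_ua),
                "observed": (ip, ua),
                # An IP change alone is common (roaming, VPN); IP plus
                # user agent changing together is a much stronger signal.
                "severity": "high" if ip_changed and ua_changed else "review",
                "seconds_after_first_use": int((ts - first_ts).total_seconds()),
            })
            break  # one finding per session is enough to open a case
    return findings

if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_EVENTS):
        print(finding)
```

A "high" finding is a prompt to revoke the session and reset credentials, since a replayed cookie remains valid after MFA has already been satisfied.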
Employee training is an essential layer of defense against phishing attacks. Cybereason offers the following advice to help organizations thwart these attacks:
- “Train users to recognize suspicious activities and phishing attempts to minimize reinfection risks.
- Teach identification of modified or misspelled URLs and grammatical errors in communications.
- Educate users on the risks of malicious files (e.g., PDFs, PPTs, Word documents, and SVG files) that may redirect to phishing websites.”
AI-powered security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for these attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Cybereason has the story.
