• Security
  • 05/09/2022
Multi-Factor Authentication Bypasses: What You Need To Know

When it comes to a cyber security standpoint, how secure can you claim to be? Some organisations are on the ball, deploying state-of-the-art firewalls, EDR and constantly patching. However, others may have strategies that leave a lot to be desired.

And, whilst we won't spend another blog post hammering cyber security stats (we already have a detailed cyber security blog section here), we'd like to bring something to your attention.

The Rise of MFA Bypasses

You may have read about the recent Twilio hack, which led to the leakage of 2FA codes and further highlighted the threat of cyber criminals in 2022 and beyond.

The cyber security company, Resecurity, identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. 

In some sources, the alternative name is Moloch, which has some connection to a phishing kit developed by several notable underground actors who previously targeted financial institutions and e-commerce sectors.

Bypassing MFA

As an article from Resecurity states, EvilProxy actors are using Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying a victim’s session. Previously such methods have been seen in targeted campaigns of APT and cyberespionage groups.

These methods have been successfully productised in EvilProxy, highlighting the significance of growth in attacks against online services and MFA mechanisms.

At Fifosys, our engineers could replicate the bypass, meaning organisations must be mindful that MFA is far from a catch-all solution. 


EvilProxy - and its MFA-bypassing capabilities should be news enough to worry anyone.

Based on Resecurity's ongoing investigation surrounding the result of attacks against multiple employees from Fortune 500 companies, they obtained substantial knowledge about EvilProxy, including its structure, modules, functions, and the network infrastructure used to conduct malicious activity. 

Early occurrences of EvilProxy have been initially identified in connection to attacks against Google and MSFT customers who have MFA enabled on their accounts – either with SMS or Application Token. 

EvilProxy is, for all intents and purposes, a new threat. The first mention of the attack was detected in early May 2022, when the actors running it released a demonstration video. In this video, they highlighted how EvilProxy could deliver advanced phishing links, whilst compromising consumer accounts.

Whilst that may sound like nothing more than a generic threat, they demonstrated the capabilities on accounts for services/vendors such as Apple, Facebook, Google, Dropbox, Instagram, Microsoft, Twitter and Yahoo.

Another notable headline to emerge from their findings is that EvilProxy also supports phishing attacks against Python Package Index (PyPi).

What is MFA?

Multi-factor authentication (MFA) is a cyber security strategy that uses more than one factor to authenticate a user. These factors can include but are not limited to a password and an access code. MFA uses these verification factors in combination or sequence.

The idea is that if an attacker can steal your password, they will also be required to compromise your second factor to gain access, strengthening the security of your account and making unauthorised access more difficult. 

However, not all users are comfortable with two-factor authentification schemes, and many industry analysts have suggested that this has led to declining adoption rates. 

Is MFA vulnerable? 

As alluded to earlier, MFA is far from bulletproof. Hackers can bypass security measures by using multiple login attempts before locking an account down for a suspected breach. 

McAfee recommends that a password policy combined with two-factor authentication is the best way to mitigate the risk of lost devices. According to the company, multi-factor authentication will be more secure than password-only authentication protocols in the long run as more sophisticated hacking techniques develop.

The Last Word

When it comes to cyber security, it's not an area you should venture into alone - nor do you have to.

At Fifosys, we're here 24/7/365 to support you through challenging times and ensure your safety.

We can work with you to develop a custom security solution designed with you in mind; reach out today to get your journey started.


Recent Post

The Cloud Question


Are IT preconceptions holding the business back?


How secure is the Cloud?


The Six R's of Cloud Migration


Cloud Computing and the Property Sector


Related Posts

  • Security
  • Jan

Do we value our data enough to protect it?

I’m sure you know yourself. You know your business. Of course you want to protect everything in it,

Read More
  • Security
  • Jan

Privacy or anonymity? - Which is more important in the digital era?

Technology is evolving quicker than most peoples’ ability to understand it; therefore it is increasi

Read More
  • Security
  • Jan

If all computers are vulnerable, how strong are your security defences?

You should now understand the difference between Privacy, Anonymity and Pseudonymity. which should l

Read More
  • Security
  • Jan

The Cyber Security Landscape - Best Practices to Protect Your Business Data

What business owners consider to be valuable assets will vary from one business owner to another  bu

Read More