SMEs warned to keep on top of cybersecurity
A Cork-based company has said it is sounding the alarm for small businesses over phishing scams using a new tool to bypass security measures.
Cybersecurity firm Radius Technologies recently said EvilProxy has been used by cybercriminals all over the world in recent months to compromise email accounts.
The company said it’s of particular concern because EvilProxy bypasses most forms of multi-factor authentication, which is the primary defence used by many organisations against their accounts being compromised.
It’s also a more powerful and user-friendly hacking tool than previous methods of its kind, Radius Technologies has claimed.
Director of Radius Technologies Kevin O’Regan said the people behind EvilProxy have gone to great lengths to help more hackers use their system: “Much like any legitimate platform, it’s easy to set up, offers training and instructional videos, has a user friendly interface and a library of assets to help fool people into thinking they’re dealing with trustworthy internet resources.”
Experts refer to EvilProxy as an adversary-in-the-middle (AiTM) attack framework, which is offered as a cheap and easy-to-use service on the dark web among cybercriminals.
Once they have downloaded it, threat actors deploy EvilProxy to craft phishing emails that link users to websites that look just like legitimate sign-in pages for services like Google Workspace and Microsoft 365.
These sites then redirect the user to legitimate login sites, allowing the attackers to see and collect user credentials and valid session cookies, and effectively sit in the middle of the multi-factor authentication process. The attackers can then repeatedly access accounts without the need to log in again.
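How the cookie reuse described above can surface in sign-in and activity logs, as an added example that is not from the article or from Radius Technologies: it flags a session used from a client other than the one that completed MFA. The event fields and sample records are constructed assumptions, not any vendor's log schema.

```python
# Constructed sample events; the field names are assumptions, not a vendor schema.
EVENTS = [
    {"ts": 100, "user": "amy@example.com", "session": "S1", "ip": "198.51.100.7",
     "ua": "Chrome/124 Windows", "event": "mfa_success"},
    {"ts": 160, "user": "amy@example.com", "session": "S1", "ip": "198.51.100.7",
     "ua": "Chrome/124 Windows", "event": "mail_read"},
    {"ts": 900, "user": "amy@example.com", "session": "S1", "ip": "203.0.113.45",
     "ua": "python-requests/2.31", "event": "mail_read"},
    {"ts": 200, "user": "bob@example.com", "session": "S2", "ip": "192.0.2.20",
     "ua": "Safari/17 iOS", "event": "mfa_success"},
    {"ts": 400, "user": "bob@example.com", "session": "S2", "ip": "192.0.2.99",
     "ua": "Safari/17 iOS", "event": "mail_read"},
]


def find_session_replay(events):
    """Return one finding per (session, new client) seen after the MFA sign-in."""
    origin = {}        # session id -> (ip, ua) that completed MFA
    reported = set()   # (session, ip, ua) combinations already flagged
    findings = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        sid, client = e["session"], (e["ip"], e["ua"])
        if e["event"] == "mfa_success":
            origin.setdefault(sid, client)
            continue
        if sid not in origin:
            severity = "high"  # session in use with no sign-in on record
            reason = "no MFA sign-in seen for session"
        elif client == origin[sid]:
            continue
        else:
            ip_changed = client[0] != origin[sid][0]
            ua_changed = client[1] != origin[sid][1]
            # An IP change alone is common (mobile, VPN); a new browser on a
            # new address holding the same cookie is the replay pattern.
            severity = "high" if ip_changed and ua_changed else "low"
            reason = "session used from a different client than the MFA sign-in"
        key = (sid, *client)
        if key not in reported:
            reported.add(key)
            findings.append({"user": e["user"], "session": sid, "ip": e["ip"],
                             "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in find_session_replay(EVENTS):
        print(finding)
```

Low-severity findings are kept rather than dropped so that a later high-severity hit on the same account has context.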
Mr O’Regan said it’s time for SMEs to go further than basic multi-factor authentication: “Sometimes small businesses think they’re not big enough for hackers to bother with, but we’ve seen the impact these incidents have on big and small organisations. Hackers don’t care who they attack, they just want money or your data.
“The first step towards protecting your business and data is always up-to-date training for your teams so they can spot any unusual email activity or website addresses and raise the alarm. Your tech team can also strengthen your authentication strategy. It can be a painstaking process but if the alternative is being more vulnerable to attack, then it’s worth every moment.”