EvilProxy attacks rely on a phishing-as-a-service kit first reported by cybersecurity company Resecurity in September 2022. Using adversary-in-the-middle tactics, this kit can execute phishing attacks with reverse proxy capabilities, allowing it to steal credentials and get around 2FA. With EvilProxy’s user-friendly interface, any cybercriminal can create and launch phishing campaigns with customizable features.
EvilProxy Attacks: Definition, Characteristics, and Common Tactics
EvilProxy attacks begin with emails that purport to be from reputable companies or services like Adobe, Concur, or DocuSign. To avoid detection at the email level, the emails contain a malicious link that sends the user to an open redirect on a trustworthy website like YouTube or Slickdeals. To decrease the likelihood of discovery, a succession of randomly generated redirect pages comes next. Finally, the user lands on the EvilProxy phishing website, which, in this instance, is a reverse proxy for the Microsoft login page.
The attackers encode the victim’s email address with a unique encoding and upload their PHP code only to compromised legitimate websites, where it decodes the address before the victim lands on the EvilProxy phishing page. This conceals the victim’s email address during the redirections and helps evade detection by automated scanning tools. An unwary user enters their credentials on the phishing page. The phishing page then requests the 2FA code to authenticate the user to the service. The kit opens a session and gains access to the user’s account as soon as the code is given.
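The first hop described above, a link that enters through an open redirect on a trusted site and leaves for another domain, can be checked statically at the mail gateway. The following is an added example, not code from the original article or from any vendor; the trusted-host list, the sample URLs, and all function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: sites the mail gateway treats as reputable (the page names these two).
TRUSTED = {"youtube.com", "slickdeals.net"}
MAX_HOPS = 5  # stop unwrapping after this many nested URLs

def site(host):
    """Crude registrable domain (last two labels); use the Public Suffix List in production."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def embedded_urls(url):
    """Yield absolute http(s) URLs carried in query values or the fragment."""
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query)] + [parts.fragment]
    for value in values:
        for _ in range(3):  # tolerate double or triple percent-encoding
            if value.lower().startswith(("http://", "https://")):
                yield value
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded

def redirect_hosts(url):
    """Unwrap nested redirect targets without any network access."""
    hosts = []
    while url and len(hosts) < MAX_HOPS:
        host = urlsplit(url).hostname
        if not host:
            break
        hosts.append(host)
        url = next(embedded_urls(url), None)
    return hosts

def flag_link(url):
    """Return the hop list if a trusted site forwards to a different site, else None."""
    hosts = redirect_hosts(url)
    if len(hosts) > 1 and site(hosts[0]) in TRUSTED and site(hosts[-1]) != site(hosts[0]):
        return hosts
    return None

# Constructed sample links (not real campaign URLs; paths and parameters are invented).
ABUSED = ("https://www.youtube.com/r?to=https%3A%2F%2Fhop1.example%2Fr%3Fu%3D"
          "https%253A%252F%252Flogin.phish.example%252F")
SAME_SITE = "https://www.youtube.com/r?to=https%3A%2F%2Faccounts.youtube.com%2F"
PLAIN = "https://www.youtube.com/watch?v=abc123"

if __name__ == "__main__":
    for link in (ABUSED, SAME_SITE, PLAIN):
        print(flag_link(link), "<-", link)
```

This check sees only redirect targets that are visible in the URL itself; hops that happen server-side, such as the randomly generated redirect pages, need sandboxed link following to observe.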
Risks and Consequences of Unprotected Networks
EvilProxy attacks seriously threaten organizations and individuals relying on cloud-based services such as Microsoft 365. By stealing credentials and bypassing 2FA, attackers can access sensitive information, emails, contacts, calendars, documents, and more. Additionally, they can carry out business email compromise (BEC) scams and send malicious emails to other targets using the compromised accounts.
Getting caught in an EvilProxy attack can have disastrous results. Organizations may experience monetary losses, harm to their reputation, legal ramifications, fines from the authorities, and a decline in customer confidence, contingent on the kind and value of the compromised data. In addition, people may experience harassment, fraud, blackmail, or identity theft.
Ensuring Defense with Residential Proxies in the Context of EvilProxy Attacks
Residential proxies use real IP addresses that internet service providers (ISPs) assign to devices like computers and smartphones. They are not to be confused with data center proxies, which use IP addresses created by data center servers. Because residential proxies are less likely to be discovered or blocked by websites or services, they are more reliable and secure than data center proxies.
Because they offer additional security and anonymity, residential proxies can aid in defending against EvilProxy attacks. Users can hide their IP address and location when accessing cloud-based services using residential proxies. Doing this may prevent attackers from monitoring their online activity or obtaining their email address for phishing schemes.
Highlighting Instances of EvilProxy Attacks
EvilProxy attacks target thousands of high-value Microsoft cloud accounts in more than 100 organizations worldwide. The targets include senior executives, vice presidents, directors, managers, and other high-ranking employees in various industries such as technology, healthcare, manufacturing, energy, and finance. Some of the notable victims include:
- A global technology company with over 10,000 employees
- A Fortune 500 healthcare company with over 50,000 employees
- A multinational manufacturing company with over 100,000 employees
- A leading energy company with over 20,000 employees
- A major financial institution with over 200,000 employees
Successful Defense Cases against EvilProxy Attacks with Residential Proxies
Residential proxies have proven to be effective in defending against EvilProxy attacks. Some of the successful defense cases include:
- A small business owner accessed his Microsoft 365 account from various devices and locations using residential proxies. He came across a dubious email that appeared to be from DocuSign and contained a dangerous link. Ignoring the link, he forwarded the email to his IT department. Subsequently, he discovered that EvilProxy attackers had targeted his account, attempting to obtain his login credentials and get around 2FA.
- A freelance journalist used residential proxies to access her Microsoft 365 account from different countries when traveling. An email purporting to be from Adobe claimed to have a crucial document for her. After clicking the link, she was taken to a phishing website that imitated the Microsoft login page. After realizing it was a scam, she shut down her browser. When she investigated the activity on her account, she discovered that someone had attempted to log in using a different IP address and location.
- A nonprofit used residential proxies to access its Microsoft 365 account from various locations and devices. An email purporting to be from Concur requested that staff check their travel expenses. After they clicked the link, a phishing page opened and asked for their 2FA code and login credentials. They did not enter their 2FA code, but they did enter their credentials. When they contacted IT support, they discovered that EvilProxy attackers had attempted to access their account and were unsuccessful.
Encouraging Proactive Network Security Measures against EvilProxy Attacks
EvilProxy attacks are a severe and growing threat that can compromise the security and privacy of cloud-based services. Users and organizations should proactively protect their networks and accounts from these attacks. Some of the recommended actions include:
- Using residential proxies to mask the actual IP address and location when accessing cloud-based services
- Enabling 2FA or multi-factor authentication (MFA) for all online accounts
- Educating employees and users about the signs and risks of phishing emails and websites
- Verifying the sender, subject, and content of emails before clicking on any links or attachments
- Reporting any suspicious or malicious emails or websites to the IT department or the service provider
- Monitoring the account activity and security alerts for any unusual or unauthorized access attempts
- Updating the software, applications, and devices with the latest security patches and updates
You can protect yourself from EvilProxy attacks by using residential proxies, which give you unrestricted access to cloud-based services while improving network security and privacy. Do not let attackers using EvilProxy obtain your login information and data. Get residential proxies now to protect your online privacy.