Technology Advisory – EvilProxy Phishing Attack

A new advanced phishing attack called “EvilProxy” has been wreaking havoc on businesses over the past several weeks. Here is a synopsis that explains EvilProxy and gives recommendations on how to protect your business from it.


What is an “EvilProxy” Phishing attack?

EvilProxy is an advanced phishing attack designed to steal users’ passwords and Multi-Factor Authentication (MFA) details.  MFA is the two-step verification method that requires a one-time code from a secondary device (such as your cell phone) to be provided when signing into an account on your computer or smart device.

How Does an “EvilProxy” attack work?

EvilProxy works by first sending phishing emails with links to a site that is masquerading as a branded or well-known sign-in page.  When a user enters their sign-in information and their MFA code, the hacker can capture the session information and utilize it for themselves.  This grants the bad actor full access to the user’s account that was previously protected with MFA.

How to Defend Against an “EvilProxy” attack

Along with advanced security policies to limit phishing attempts, the key to defending against advanced phishing attacks that leverage toolkits like EvilProxy is to train users to remember the basics of safe email usage:

  • Double-check the “from” email address of all messages that they receive.
  • Do not open attachments or links that were not expected.
  • Never provide usernames and passwords to anyone through links received from an e-mail or over the phone.
  • Do not approve MFA requests if you are not actively signing into your account.
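
Because the attack described above ends with a captured session being used by someone other than the user, one server-side check is to flag any session that is later used from a different client than the one that started it. The following is an added example, not part of the original advisory or of any vendor's product; the record fields and the sample events are constructed for illustration.

```python
from datetime import datetime

# Constructed sample records; the field names are a hypothetical schema,
# not the log format of any particular identity provider.
EVENTS = [
    {"time": "2023-09-01T09:00:05", "user": "alice@example.com",
     "session": "s-1001", "ip": "198.51.100.10", "agent": "Edge/116 Windows"},
    {"time": "2023-09-01T09:04:40", "user": "alice@example.com",
     "session": "s-1001", "ip": "203.0.113.77", "agent": "Chrome/115 Linux"},
    {"time": "2023-09-01T09:05:10", "user": "alice@example.com",
     "session": "s-1001", "ip": "203.0.113.77", "agent": "Chrome/115 Linux"},
    {"time": "2023-09-01T09:10:00", "user": "bob@example.com",
     "session": "s-2002", "ip": "198.51.100.22", "agent": "Safari/16 macOS"},
    {"time": "2023-09-01T09:30:00", "user": "bob@example.com",
     "session": "s-2002", "ip": "198.51.100.22", "agent": "Safari/16 macOS"},
]


def find_session_reuse(events):
    """Flag sessions used by a client other than the one that started them.

    Each session is bound to the (ip, agent) pair of its earliest event. A
    later event in the same session from a different pair produces one alert
    per new client, listing which attributes changed.
    """
    origin = {}       # (user, session) -> (ip, agent) of the first event
    reported = set()  # (user, session, ip, agent) already alerted on
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        key = (ev["user"], ev["session"])
        client = (ev["ip"], ev["agent"])
        first = origin.setdefault(key, client)
        if client == first or key + client in reported:
            continue
        reported.add(key + client)
        changed = [name for name, old, new in
                   zip(("ip", "agent"), first, client) if old != new]
        alerts.append({"user": ev["user"], "session": ev["session"],
                       "time": ev["time"], "origin_ip": first[0],
                       "new_ip": ev["ip"], "changed": changed})
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(EVENTS):
        print(alert)
```

An IP change on its own is common (mobile roaming, VPN), so the `changed` list lets a triage rule give more weight to alerts where both the address and the browser differ.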

Further Recommendations

Continuing to use Multi-Factor Authentication (MFA) across your Microsoft 365 tenancy is core to protecting sensitive data or business-critical applications.  However, attackers will always be working to undermine the protections that we put in place.

Maintaining a proper awareness-based security posture requires that we are protected in multiple ways.  We need to reduce risk with advanced security policies and empower our users to recognize attacks.  With this in mind, here are two solutions that can be implemented to strengthen your security posture and augment your users’ awareness.

1. Hornet Security 365 Total Protection Enterprise Backup.

https://www.hornetsecurity.com/en/services/365-total-protection-enterprise-backup/

Hornet Security combines the safety net of a total M365 backup (including all mailboxes, Teams, SharePoint, OneDrive, and everything else) with powerful additional advanced security policies (anti-spoofing with DKIM / DMARC, anti-phishing, AI-driven Advanced Threat Detection, Live E-mail tracking, etc.) to create an augmented defense against attacks.

2. KnowBe4 Enterprise Security Awareness Training.

https://www.knowbe4.com/en/products/enterprise-security-awareness-training/

KnowBe4 has rapidly become one of the most robust solutions for arming your users with the necessary knowledge to identify and prevent attacks before they even start.  The big bad Cyber Crime Lords of the Internet are certainly using your users against you!  To prevent our users from becoming weaponized, we need to ensure that we are properly training our users with the necessary knowledge to identify and shut these guys down!  Through fine-tuning and targeted simulations, we can identify the weak points in our users’ knowledge, put together enterprise-level reporting to measure progress, and ultimately create computer-based training programs from a massive library of content.  Simply put, Human Error – Conquered.