Phishing remains the most prevalent form of cyber attack globally, with 1.2% of all email traffic being phishing attempts, amounting to 3.4 billion malicious emails daily.
Despite the low success rate, with only 3% of employees clicking on malicious links, the impact can be devastating for organizations.
Cybercriminals are continually evolving their tactics, incorporating sophisticated techniques to bypass multi-factor authentication (MFA) and hijack user accounts.
Advanced Phishing Techniques
One of the most effective methods used by phishers is the “Browser-in-the-Browser” (BITB) attack, introduced by security researcher mr.d0x in 2022.
This technique involves creating a fake browser window within a legitimate-looking webpage, allowing phishers to mimic the appearance of trusted third-party authenticators like Google or Microsoft.
The fake browser window is an iframe that can be dragged and dropped, making it highly convincing.
This approach allows attackers to bypass traditional URL checks, as the fake browser displays a legitimate URL, enhancing the illusion of authenticity.
Another sophisticated technique is the “Adversary-in-the-Middle” (AITM) attack, which uses tools like Evilginx to act as a reverse proxy between the victim and the legitimate website.
This method captures not only credentials but also session cookies and tokens, effectively bypassing MFA protections.
Evilginx allows phishers to inject custom JavaScript into the proxied pages, further enhancing their control over the victim’s interaction.
Heavy Techniques for Enhanced Control
More resource-intensive methods include using noVNC to host a browser in kiosk mode and providing access via web VNC.
According to QuarksLab Report, This technique bypasses two-factor authentication by allowing attackers to reuse the session from the hosted browser.
Projects like EvilnoVNC mitigate risks by sandboxing the browser in Docker containers, ensuring that the victim cannot escape the kiosk mode.
Additionally, “Browser-in-the-Middle” (BITM) attacks utilize WebRTC technology to stream a controlled browser session to the victim, replicating their actions in real-time.
Tools like CuddlePhish enable phishers to take control of the session, redirect the user, and capture cookies once the target is authenticated.
These advanced techniques highlight the evolving sophistication of phishing attacks and the need for robust security measures to protect against them.
