SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers

Phishing-as-a-Service attacks rise in early 2025 report

Today

A recent report by Barracuda Networks highlights a marked increase in Phishing-as-a-Service (PhaaS) attacks within the first two months of 2025.

During this period, Barracuda's detection systems blocked over one million phishing attempts originating from prominent PhaaS platforms. These attacks are becoming increasingly sophisticated, with Tycoon 2FA, EvilProxy, and Sneaky 2FA identified as the most widely used platforms for carrying out these operations.

The report indicates that a significant majority, 89%, of these incidents involved Tycoon 2FA. EvilProxy, noted for requiring little technical expertise to use, accounted for 8% of the attacks. The remaining 3% were linked to Sneaky 2FA, a comparatively new addition to the PhaaS landscape.

Barracuda Networks has observed an increase in attacks targeting cloud-based platforms, with a particular focus on Microsoft 365. This trend underscores a shift towards targeting widely adopted enterprise solutions.

"The platforms that power phishing-as-a-service are increasingly complex and evasive, making phishing attacks both harder for traditional security tools to detect and more powerful in terms of the damage they can do," stated Saravanan Mohankumar, Threat Analyst Team Lead at Barracuda. He added, "An advanced, multilayered defense strategy with AI/ML enabled detection, combined with a strong security culture and consistent security access and authentication policies, will help to protect organisations and employees against PhaaS based attacks."

The report offers a detailed examination of the different platforms involved. Tycoon 2FA has advanced its capabilities, now incorporating encrypted and obfuscated scripts to enhance evasion. It can also identify browser types to tailor attacks and uses Telegram for data transmission. Further, the platform employs AES encryption to conceal credentials during exfiltration, complicating detection efforts.

EvilProxy is highlighted for enabling attacks with minimal technical skill. It mimics the visual components of legitimate login pages for platforms such as Microsoft 365 and Google, making phishing attempts hard to spot.

Sneaky 2FA, though less frequently encountered, introduces adversary-in-the-middle attack techniques, focusing on Microsoft 365 credentials. This platform also uses Telegram and checks the validity of the target to ensure effectiveness, redirecting improper targets to innocuous sites. By exploiting Microsoft 365's 'autograb' functionality, Sneaky 2FA can pre-fill phishing forms with the victim's email address.

The findings of this report point towards a complex and rapidly evolving phishing threat landscape. Enhanced security measures and awareness are deemed essential in countering these sophisticated phishing attempts.
