Phishing, using look-alike websites or email addresses, continues to be the favourite weapon for hackers. To make things worse, phishing kits, which offer phishing-as-a-service (PhaaS), are easily available on the dark web, lowering the bar for launching phishing attacks.
The first two months of the calendar year saw the blocking of 10 lakh cyber attacks that originated from PhaaS platforms.
“A new report on the tools and techniques used in the attacks highlights how PhaaS platforms are evolving rapidly to become more dangerous and evasive. Many target users of popular cloud-based platforms such as Microsoft 365,” a report by cybersecurity solutions company Barracuda said.
“Most (89 p.c.) of the detected incidents involved the sophisticated Tycoon 2FA, followed by EvilProxy, which accounted for 8 p.c. of attacks and the newcomer, Sneaky 2FA, which was behind 3 p.c. of the incidents. The three platforms have different and distinct toolsets, with some common elements such as the use of the Telegram messaging service to further attacks,” the report said.
Barracuda threat analysts reported on Tycoon 2FA in January 2025. Since then, the platform has continued to develop and enhance its evasive tactics, becoming even harder to detect.
“Among other upgrades, the code script for credential theft and exfiltration is now encrypted and obfuscated using a substitution cypher and sometimes an invisible character (known as a Hangul Filler),” the report said.
The new and enhanced script can identify a victim’s browser type to help with attack customisation and features links to the Telegram service that can be used to secretly send stolen data to attackers.
“The script also enables parts of a web page to be updated independently of the rest of the page and includes AES encryption to disguise credentials before exfiltrating them to a remote server. All this makes detection by security tools far more difficult,” it pointed out.
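A defender-side check for the invisible-character obfuscation described above, as an added example that is not from the Barracuda report or this article: it flags runs of Hangul filler code points in page source. The three filler code points beyond U+3164, the `run_threshold` value and the sample strings are assumptions constructed for illustration.

```python
import re
import unicodedata
from dataclasses import dataclass

# Hangul filler code points render as blank in most fonts.
# U+3164 is the "Hangul Filler" the report names; the other three are
# related Unicode fillers included here as an assumption.
FILLERS = "\u3164\uffa0\u115f\u1160"
RUN = re.compile(f"[{FILLERS}]+")

@dataclass
class Finding:
    line: int      # 1-based line number in the scanned text
    column: int    # 1-based column where the run starts
    length: int    # number of consecutive filler characters
    names: tuple   # Unicode names of the fillers seen in the run

def find_fillers(text):
    """Return one Finding per run of filler characters in text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in RUN.finditer(line):
            names = tuple(sorted({unicodedata.name(c) for c in m.group()}))
            findings.append(Finding(lineno, m.start() + 1, len(m.group()), names))
    return findings

def triage(text, run_threshold=8):
    """Classify page source as 'clean', 'review' or 'suspicious'.

    run_threshold is an assumed cut-off: a lone filler can be a typing or
    copy-paste artefact, while a long run suggests encoded content.
    """
    findings = find_fillers(text)
    if not findings:
        return "clean", findings
    longest = max(f.length for f in findings)
    return ("suspicious" if longest >= run_threshold else "review"), findings

# Constructed samples (not taken from any real phishing kit).
BENIGN = "<script>\nconst greeting = 'hello';\n</script>"
ISOLATED = "<p>name:\u3164</p>"
OBFUSCATED = "<script>\nvar x = '" + "\u3164\uffa0" * 12 + "';\n</script>"

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN), ("isolated", ISOLATED), ("obfuscated", OBFUSCATED)]:
        verdict, hits = triage(sample)
        print(label, verdict, [(h.line, h.column, h.length) for h in hits])
```

A "review" verdict is a prompt to look at the surrounding markup, since filler characters also occur in legitimate Korean-language content and form fields.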
“The platforms that power PhaaS are increasingly complex and evasive, making phishing attacks both harder for traditional security tools to detect and more powerful in terms of the damage they can do,” said Saravanan Mohankumar at Barracuda.
“An advanced, multilayered defence strategy with AI/ML-enabled detection, combined with a strong security culture and consistent security access and authentication policies, will help to protect organisations and employees against PhaaS-based attacks,” he said.