Cybersecurity firm Radius Technologies is sounding the alarm for small businesses over phishing scams using a new tool to bypass security measures. The Cork-based company says EvilProxy has been used by cybercriminals all over the world in recent months to compromise email accounts.
It’s of particular concern because EvilProxy bypasses most forms of multi-factor authentication, which is the primary defence used by many organisations against their accounts being compromised. It’s also a more powerful and user-friendly hacking tool than previous methods of its kind.
Director of Radius Technologies Kevin O’Regan says the people behind EvilProxy have gone to great lengths to help more hackers use their system: “Much like any legitimate platform, it’s easy to set up, offers training and instructional videos, has a user friendly interface and a library of assets to help fool people into thinking they’re dealing with trustworthy internet resources”.
Experts refer to EvilProxy as an adversary-in-the-middle (AiTM) attack framework, which is offered as a cheap, easy to use service on the dark web amongst cybercriminals.
Once downloaded, threat actors deploy EvilProxy to craft phishing emails that link users to websites that look just like legitimate sign-in pages for services like Google Workspace and Microsoft 365.
These sites then redirect the user to legitimate login sites, allowing them to see and collect user credentials, valid session cookies and effectively sit in the middle of the Multi-Factor Authentication process. They can then repeatedly access accounts without the need to log in again.
Kevin O’Regan says it’s time for SMEs to go further than basic Multi-Factor Authentication: “Sometimes small businesses think they’re not big enough for hackers to bother with, but we’ve seen the impact these incidents have on big and small organisations. Hackers don’t care who they attack, they just want money or your data. The first step towards protecting your business and data is always up-to-date training for your teams so they can spot any unusual email activity or website addresses and raise the alarm. Your tech team can also strengthen your authentication strategy. It can be a painstaking process but if the alternative is being more vulnerable to attack, then it’s worth every moment”.
Using data collected by NASA's Parker Solar Probe during its closest approach to the sun, a University…
The Research Ireland ARC (Accelerating Research to Commercialisation) Hub for ICT was officially launched today…
Disney+ in Ireland is set to launch a new ad-supported subscription plan on March 3. The…
Did you watch Mark Carney’s presentation last week at Davos? No, is probably your answer,…
With recent miserable weather keeping more people indoors, Virgin Media Ireland, Ireland’s leading telecommunications and entertainment provider, has analysed Google…
Ireland’s leading technology conference, BelTech, will return on 5 March 2026, bringing together industry leaders,…
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at Simon@IrishTechNews.ie now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at Info@IrishTechNews.ie now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.