MITM Phishing Toolkit Research Highlighted by Stony Brook University at NET+ I2 Online Event


By Apryl Motley - Technical Writer & Communications Lead, Internet2 Trust and Identity/NET+ Service

Hosted by:

I2 Cloud NET+

Sponsored by:

Carahsoft

Consider this scenario. Students on your campus receive an email directing them to verify their Office 365 accounts or risk account termination. The message’s “click here to verify” link takes the recipients to a phishing webpage that asks for credentials and a phone number. If they click the link and provide login credentials, the bad actors use the phished credentials to log into the Office 365 account and generate multi-factor authentication (MFA) requests via text. At this moment, almost all the necessary components are in place for carrying out a phishing attack that bypasses MFA.

Join Us for the ‘Mitigating MITM Phishing Toolkit Attacks that Bypass MFA’ Webinar
June 29 at 2 p.m. ET
Register today!

Phishing attacks that leverage man-in-the-middle (MITM) phishing toolkits, which act as malicious reverse proxy servers for online services, are on the rise. These toolkits automate the harvesting of two-factor authenticated sessions and substantially increase the believability of phishing web pages.

Are you aware of these new phishing attacks and prepared to defend against them? On June 29 at 2 p.m. ET, the NET+ Program will host a webinar on “Mitigating MITM Phishing Toolkit Attacks that Bypass MFA.”

NET+ Program Manager Nick Lewis identified awareness and prevention of these attacks as a critical issue for the community to address. “I’ve heard from several campuses that have experienced these kinds of attacks,” Lewis said. “It’s important for our community to monitor this threat carefully and understand there is a mechanism for defending against it.”

With that aim, the NET+ Program invited researchers from Stony Brook University to address the community. In collaboration with a researcher at NET+ service provider Palo Alto Networks, they conducted a year-long analysis of MITM phishing toolkits. By analyzing and experimenting with these toolkits, they identified intrinsic network-level properties campuses can use to identify and defend against them. 

Join us for this important discussion with two Stony Brook research team members, Nick Nikiforakis and Babak Amin Azad, who will share their insights on this emerging threat and address your questions about managing it on your campus.

We welcome suggestions of topics for future programs. Got ideas? Contact us at netplus@internet2.edu.

About Our Sponsor

Carahsoft Technology Corp. supports public sector organizations across federal, state, and local government agencies and education and healthcare markets. We deliver solutions for artificial intelligence, cybersecurity, multiCloud, DevSecOps, big data, open-source, customer experience and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry-leading IT products, services and training through hundreds of contract vehicles. Visit us at www.carahsoft.com.

Stony Brook MITM Phishing Toolkit Analysis by the Numbers*
  • Versions of MITM toolkits studied: 13
  • Websites utilizing MITM phishing toolkits: 1,220
  • Percentage of those domains identified that appear on popular blocklists: 43.7%

*Source: “Catching Transparent Phish: Analyzing and Detecting MITM Phishing Toolkits.” Presented at ACM Conference on Computer and Communications Security (CCS) 2021.