A new report from Amnesty International highlights how reverse proxies are being used to bypass 2FA and phish the credentials of journalists and human rights defenders.
Amnesty has been tracking the way journalists and human rights defenders in Uzbekistan are being targeted in sophisticated phishing attacks that include man in the middle and session high-jacking techniques. Using open source reverse proxies (such as Modlishka) the attackers are able to capture both the user credentials and the second factor response delivered over SMS or from a one-time-password (OTP) authenticator. The reverse proxy then captures the session authentication token returned from the target server and can use this for prolonged access to the targeted account.
Where man-in-the-middle (MITM) attacks are a concern, OTP codes delivered from an authenticator app or over SMS could be captured and used by the attackers. An effective defence is to use a FIDO2 compliant Security Key which would fail to authenticate against the MITM proxy server (because the URL is wrong) and so thwart the attack.
