Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
From insight to action: Securing APAC’s future with AI-driven cy...
Nexusguard Partners with DIMA to Provide Advanced DDoS Protection Serv...
Critical zero-day exploits dormant WinRAR vulnerability to target glob...
Survey finds 57% of respondents had experienced ransomware attacks in ...
Surveyed IT professionals report 78% ransomware targeting: highest ran...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      From insight to action: Securing APAC’s future with AI-driven cybersecurity

      From insight to action: Securing APAC's future with AI-driven cybersecurity

      Wednesday, August 13, 2025, 10:07 AM Asia/Singapore | Features
    • Featured

      Experts weigh in on Singapore’s response to UNC3886

      Experts weigh in on Singapore’s response to UNC3886

      Friday, August 8, 2025, 10:45 PM Asia/Singapore | Features, Newsletter, Opinions
    • Featured

      When legitimate URLs lead to dangerous destinations

      When legitimate URLs lead to dangerous destinations

      Wednesday, August 6, 2025, 11:04 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Features
    • Featured

      From insight to action: Securing APAC’s future with AI-driven cybersecurity

      From insight to action: Securing APAC's future with AI-driven cybersecurity

      Wednesday, August 13, 2025, 10:07 AM Asia/Singapore | Features
    • Featured

      Experts weigh in on Singapore’s response to UNC3886

      Experts weigh in on Singapore’s response to UNC3886

      Friday, August 8, 2025, 10:45 PM Asia/Singapore | Features, Newsletter, Opinions
    • Featured

      When legitimate URLs lead to dangerous destinations

      When legitimate URLs lead to dangerous destinations

      Wednesday, August 6, 2025, 11:04 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning
News

Even phishing is now becoming a commoditized tool for fraudsters: threat report

By CybersecAsia editors | Friday, March 28, 2025, 2:34 PM Asia/Singapore

Even phishing is now becoming a commoditized tool for fraudsters: threat report

In one cybersecurity firm’s Jan/Feb 2025 incidence metrics, attacks originating from Phishing-as-a-Service threat groups had surged in its global user base

In the first few months of 2025, a cybersecurity firm had registered a massive spike in Phishing-as-a-service (PhaaS) attacks targeting its protection ecosystem around the world.

Amid the more-than-a-million attacks detected, three PhaaS groups were the most prominent: Tycoon 2FA (89%), EvilProxy (8%), and Sneaky 2FA (3%).

According to Saravanan Mohankumar, Threat Analyst, Barracuda, the firm reporting the PhaaS trend in its user base: “The platforms that power PhaaS are increasingly complex and evasive, making phishing attacks both harder for traditional security tools to detect and more powerful in terms of the damage they can do. An advanced, multi-layered defence strategy with AI/ML enabled detection, combined with a strong security culture and consistent security access and authentication policies, can help to protect organizations and employees against (such) attacks.”

Here are the profiles of the three threat groups:

  1. Tycoon 2FA: rapid innovation in evasion tools

    Since its early visibility in January 2025, the threat group has continued to develop and enhance its evasive tactics, becoming even harder to detect:

    • The code script for credential theft and exfiltration is now encrypted and obfuscated using a substitution cypher, and sometimes an invisible character (known as a Hangul Filler).
    • The new and enhanced script can identify a victim’s browser type to help with attack customization and features links to the Telegram service that can be used to secretly send stolen data to attackers.
    • The script also enables parts of a web page to be updated independently of the rest of the page, and can include AES encryption to disguise credentials before exfiltrating them to a remote server. All this makes detection by security tools far more difficult.
  1. EvilProxy: a dangerously accessible tool

    This group’s attacks can be implemented with minimal technical expertise. It targets widely used services such as Microsoft 365, Google, and other cloud-based platforms, tricking victims into entering their credentials into seemingly legitimate login pages. The source code used by EvilProxy for its phishing webpage closely matches that of the original Microsoft login page. This makes it difficult to distinguish the malicious site from the original (legitimate) website.

      1. Sneaky 2FA: It fills-in the phishing form for victims

        This is a platform for Adversary-in-the-Middle attacks targeting Microsoft 365 accounts in search of credentials and access. Like Tycoon 2FA, it leverages the messaging platform Telegram. Sneaky 2FA checks to make sure the user is a legitimate target and not a security tool, bot or other adversary: if this is the case, the “victim” is redirected to a harmless site elsewhere, before pre-filling the fake phishing page with the victim’s email address by abusing Microsoft 365’s autograb functionality.

            According to Barracuda experts, people can spot PhaaS attacks from the above groups in the following instances, and avoid entering credentials into the phishing page:

            • A login page includes a “.ru” top-level domain (the last part of a URL), and the victim’s email ID is embedded in the phishing URL either in the form of plain text or Base64-encoded. This could indicate a Tycoon 2FA attack.
            • EvilProxy attacks are harder to detect because they use a random URL. However, check the Microsoft/Google login page URL to make sure it is legitimate and not spoofed. Another giveaway is unusual multi-factor authentication prompts that appear even when no login is actually being attempted.
            • Check if the webpage URL contains a 150 alphanumeric string followed by either /verify, /index, or /validate at the end of the URL. This is a clue to the presence of Sneaky 2FA.

    Share:

    PreviousGlobal Tech Visionaries and Industry Leaders to Discuss The Future of Tech at ATxEnterprise 2025
    NextLunit Announces Partnership with the National Cancer Institute to Advance AI-Powered Biomarker Research

    Related Posts

    Pit your wits in the first ever FIDO global developer challenge

    Pit your wits in the first ever FIDO global developer challenge

    Wednesday, June 16, 2021

    Malware myth: if you do not launch it, the app cannot do much

    Malware myth: if you do not launch it, the app cannot do much

    Tuesday, April 19, 2022

    How challenging is ensuring cybersecurity in digitalizing operational technology environments?

    How challenging is ensuring cybersecurity in digitalizing operational technology environments?

    Tuesday, April 29, 2025

    APAC businesses focus on revenue, face higher fraud risk

    APAC businesses focus on revenue, face higher fraud risk

    Thursday, July 8, 2021

    Leave a reply Cancel reply

    You must be logged in to post a comment.

    Voters-draw/RCA-Sponsors

    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    Slide
    previous arrow
    next arrow

    CybersecAsia Voting Placement

    Gamification listing or Participate Now

    PARTICIPATE NOW

    Vote Now -Placement(Google Ads)

    Top-Sidebar-banner

    Whitepapers

    • 2024 Insider Threat Report: Trends, Challenges, and Solutions

      2024 Insider Threat Report: Trends, Challenges, and Solutions

      Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
    • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

      AI-Powered Cyber Ops: Redefining Cloud Security for 2025

      The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
    • Data Management in the Age of Cloud and AI

      Data Management in the Age of Cloud and AI

      In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
    • Mitigating Ransomware Risks with GRC Automation

      Mitigating Ransomware Risks with GRC Automation

      In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

    Middle-sidebar-banner

    Case Studies

    • PT Kereta Api Indonesia announces nationwide email and communication overhaul

      PT Kereta Api Indonesia announces nationwide email and communication overhaul

      The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more
    • Operationalizing sustainability in cybersecurity: Group-IB’s approach

      Operationalizing sustainability in cybersecurity: Group-IB’s approach

      See how the firm turned malware-group takedowns into measurements of sustainability and resilience gains: by …Read more
    • Thai government expands secure email management to close cybersecurity gaps

      Thai government expands secure email management to close cybersecurity gaps

      New measures address cybersecurity gaps in public sector communications, deploying advanced protections and operational support …Read more
    • How Iress optimized global DevSecOps

      How Iress optimized global DevSecOps

      Scaling compliance, security & efficiency – while seamlessly migrating to the cloud – with JFrog.Read more

    Bottom sidebar

    • Our Brands
    • DigiconAsia
    • MartechAsia
    • Home
    • About Us
    • Contact Us
    • Sitemap
    • Privacy & Cookies
    • Terms of Use
    • Advertising & Reprint Policy
    • Media Kit
    • Subscribe
    • Manage Subscriptions
    • Newsletter

    Copyright © 2025 CybersecAsia All Rights Reserved.