Phishing-as-a-Service (PhaaS) has emerged as a significant threat. According to a recent article on SmarterMSP, over a million PhaaS attacks were recorded in just two months, highlighting the growing sophistication and prevalence of these attacks.

PhaaS provides cybercriminals with advanced toolsets and templates, enabling them to deploy phishing campaigns quickly and effectively. The article emphasizes the alarming rise in PhaaS attacks, driven by the continuous enhancement of phishing kits by their developers. One prominent example is the Tycoon 2FA phishing kit, which has evolved to bypass multifactor authentication by collecting and using Microsoft 365 session cookies.

Barracuda threat analysts have observed that around 30% of credential attacks in 2024 utilized PhaaS, and this figure is expected to rise to 50% in 2025. The latest version of Tycoon 2FA, first seen in November 2024, employs sophisticated tactics to evade detection and inspection. These tactics include using legitimate email accounts to launch attacks, obstructive source code, and measures to block automated security scripts and penetration-testing tools.

The article dives into the specific tactics used by Tycoon 2FA to evade detection, such as disabling the right-click menu, blocking users from copying meaningful text, and listening for keystrokes that suggest web inspection. By targeting vulnerabilities in the 2FA process, attackers can gain unauthorized access to secure accounts.

As the threat landscape continues to evolve, it is crucial for organizations to stay vigilant and adopt robust cybersecurity measures to protect against PhaaS attacks.

Source: SmarterMSP