Security researchers at Okta have uncovered a previously unknown phishing-as-a-service operation called VoidProxy that represents a significant escalation in cybercriminal capabilities targeting business email and cloud accounts.
Unlike traditional phishing attacks that simply steal passwords, VoidProxy uses real-time “adversary-in-the-middle” techniques that can bypass common two-factor authentication methods including SMS codes and authenticator apps. The service essentially acts as an invisible relay, capturing credentials and authentication codes as users enter them, then immediately using them to access legitimate accounts and steal session tokens that provide ongoing access.
According to Okta’s research, the platform includes a full administrative interface that allows cybercriminals to manage campaigns and monitor victims in real-time, effectively democratizing sophisticated attack techniques that previously required significant technical expertise.
Business Impact
The emergence of VoidProxy highlights a concerning trend where advanced cyberattack capabilities are becoming available as commercial services, lowering the barrier for threat actors to target organizations of all sizes. Successful attacks through such platforms typically lead to business email compromise, financial fraud, and data theft, with compromised accounts often serving as launching points for further attacks within victim networks.
The research did identify effective defenses. Users protected by phishing-resistant authentication methods, such as Okta’s FastPass technology, received attack warnings and were unable to be compromised through the VoidProxy infrastructure.
Other phishing-resistant technologies include hardware security keys, biometric authentication, and modern passwordless solutions specifically designed to prevent relay-style attacks.
The discovery underscores the importance of organizations moving beyond basic two-factor authentication to more advanced security measures. Security experts recommend prioritizing phishing-resistant authentication methods, especially for administrative accounts and users with access to sensitive systems.
Organizations should also consider implementing behavioral analytics, device-based access controls, and real-time threat intelligence capabilities to defend against increasingly sophisticated attack platforms.
For the complete technical analysis and research findings, read Okta’s full security report
Leave a Reply