Two-factor authentication security at risk

Accounts protected by two-factor authentication (2FA) may be at risk, after a significant new security vulnerability was discovered. 2FA is used by many organisations to protect against phishing attacks and compromised passwords, which are two of the most common causes of cyber incidents.

Specialist insurance provider, CFC Underwriting, has highlighted the issue after becoming aware that there are tools available on the dark web that exploit this vulnerability. They anticipate widespread use of the Modlishka tool, which will compromise previously protected environments.


Modlishka tool

The Modlishka penetration-testing tool was developed by a Polish cyber security researcher and has the ability to intercept data in real time and automate phishing attacks. It sits between a user and a target website such as Outlook 365 or Gmail.

Modlishka is what IT professionals call a reverse proxy. It sends out phishing emails – if you click on the link in the email then you’ll connect to the Modlishka server, which will then use the reverse proxy element to make a request to the website it wants to impersonate.

The victim receives authentic content from the legitimate website but all the traffic and interactions with the website are passed through the Modlishka server, and the information is recorded. This enables it to capture passwords and 2FA details. Cyber criminals can collect these details in real time and use them to login to the victim’s accounts and initiate new and legitimate sessions.

Modlishka tool - how it works

For greater protection you should:

  1. Disable web access to email or remote desktop environments where possible
  2. Use hardware tokens as a means of multi-factor authentication (FIDO 2.0 and U2F)
  3. Implement phishing awareness and education:
    • Don’t click on links in emails – type the address in your browser instead
    • Avoid suspicious email attachments
    • Never share or divulge your passwords
    • Always check that the website address looks right and is spelled correctly

Download this article as a PDF by clicking here.


Talk to us

If you have any queries, or would like to learn more about how we can help protect your business with cyber insurance, please get in touch.

Call us on 0207 089 2900, fill in our Contact Us form or email us at