Modern phishing has changed a lot in the past decade or so. MFA-bypassing Attacker-in-the-Middle (AitM) kits are table stakes — anyone can pick up a copy of Evilginx and immediately blow past most email and network security solutions on the market.  

But the most sophisticated attacks — the ones that usually hit the headlines in the form of major breaches — are doing much more than this. The latest generation of fully customized AitM phishing kits are dynamically obfuscating the code that loads the web page, implementing bot protection through custom CAPTCHA, and using runtime anti-analysis features, making them increasingly difficult to detect by the tools most enterprises are using to combat the problem. 

Read our analysis of how modern phishing tools and techniques have changed the game — and what security teams can do to level the playing field.