Black Hat Europe 2025 | Insights From Phishing-Resistant Authentication
How many phishing attempts bypass enterprise pre-authentication security, including email gateways, DNS filtering, SASE, SWG, browser security, and endpoint protection, to trick users into malicious logins? And how effectively do current security systems detect and respond to these? While general phishing trends are known, the true impact and organizational defense postures remain unclear.
Analyzing two years of phishing attempts stopped only by phishing-resistant authentication, we quantify a notable volume of attacks that bypass the pre-authentication security layers and successfully trick users. We then dive into events linked to AiTM campaigns using EvilProxy kits, dissecting their patterns across verticals and company sizes, identifying indicators of compromise, and tracking longitudinal trends. As part of our investigation, we also reached out to impacted organizations, with a notable number indicating they hadn’t detected these attempts until our notifications.
This work provides crucial, data-driven evidence highlighting the importance of phishing-resistant authentication and exposing many organizations’ often mediocre security postures. It transforms failed authentication into actionable threat intelligence, revealing and helping address organizations’ actual security gaps.
By: Fei Liu | Principal Emerging Technology Researcher, Okta