Barracuda Networks shows in a new study how the updated “Tycoon 2FA” platform for Phishing-as-a-Service (PhaaS) has become a powerful tool for cybercriminals. The new version uses advanced methods to bypass two-factor authentication (2FA) and avoid detection by security tools.
What is PhaaS and Tycoon 2FA?
PhaaS platforms like Tycoon 2FA contain ready-made tools to carry out advanced phishing attacks. The platforms make it easy for attackers to target both organizations and individuals. According to Barracuda analysts, the PhaaS in approximately 30 percent of all phishing attacks in 2024 – and the share is expected to increase to 50 percent in 2025.

The latest version of Tycoon 2FA is specifically designed to not only bypass 2FA but also steal login credentials by exploiting “session cookies” from Microsoft 365To further complicate detection and analysis, the platform has several advanced features:
- Attacks from legitimate but likely compromised email accounts
- Modified source code as complicates analysis of harmful web pages
- Blocking automated security scripts and penetration testing tools
- Keystroke detection to identify inspection and block further activity
- Disabling right-click menus and copying text from pages
A growing threat
– Net fishing has developed into a complex and sophisticated attack method where criminals have access to increasingly sophisticated resources. PhaaS groups play a central role in that ecosystem, and we expect them to become even more significant. We have observed Tycoon 2FA in several phishing campaigns in recent months and sees a continued development of methods to circumvent traditional security measures, says Deerendra Prasad, Threat Analyst at Barracuda.
Klas Palmer, security expert at Barracuda in Sweden, adds:
– Many organizations still see two-factor authentication as a safe barrier against phishing attacks. But now Tycoon 2FA shows that even these solutions can be bypassed. Multi-factor authentication therefore needs to be complemented with advanced, flexible and innovative defense solutions. More sophisticated phishing campaigns mean that we must continue to educate and prepare for an increasingly advanced threat landscape.
How to protect yourself
To counter the threat from PhaaS and Tycoon 2FA recommend Barracuda the following actions:
- Use multi-factor authentication. Despite the threat from Tycoon 2FA, it remains important in combination with other measures.
- Implement advanced security solutions. They can analyze and block malicious websites and emails
- Educate employees. Important to increase awareness of phishing attacks and how to detect them








