Over 56,000 Corporate Microsoft 365 Accounts Targeted by W3LL Threat Group

URL: https://www.scmagazine.com/news/w3ll-groups-phishing-tools-used-to-target-56000-corporate-microsoft-365-accounts?nbd=wvnDLHoB12oGuDO_S1DD&nbd_source=mrkto&mkt_tok=MTg4LVVOWi02NjAAAAGODyO_Qy-aYul2DP7mT-Zpr7zsoWPf866i0tfiby1O0qYCrLNsaL-mCm10JwjxDJ-6xyQcmjmymVsN6iJiqajHjgh408lCSohc95A5SPoQ

Document Notes

M365 MFA bypass AiTM attacks

In a blog post Sept. 6, Group-IB researchers reported that a mostly hidden underground market named W3LL Store served a closed community of at least 500 threat actors who could purchase a custom phishing kit called a W3LL Panel. The kit was designed to bypass multi-factor authentication (MFA) and also contained 16 other fully customized tools for business email compromise (BEC) attacks.

The W3LL phishing kit, and the details of its business model, signal the smoke before the coming wildfire of adversary-in-the-middle (AiTM) proxy attacks, explained Pyry Avist, co-founder and CTO at Hoxhunt. Avist said these AiTMs are the future of phishing because they’re extremely effective, hard to identify and detect and, most concerning, they are becoming easier to use.

“Now with malicious chatbot tools, these types of BEC attacks are expected to grow in the coming year,” Harr said. “It’s important to invest in cybersecurity tools that use automation, machine learning, relationship graphs, and generative AI to quickly detect, predict and stop BEC, as well as spear-phishing, which is typically the start of Microsoft 365 attack chain.”