Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365... $500,000 in Sales in 10 Months

Cybercriminal Selling Golden Ticket Phishing KitsIn the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL store is selling advanced phishing kits – a golden ticket for hacking Microsoft 365 accounts -- that can bypass multi-factor authentication (MFA) no less.

A new report from Group-IB has drawn attention to a covert phishing operation that has been selling custom tools to target Microsoft 365 accounts. The W3LL actor, which has been operating since 2017, has been selling its custom tool, the W3LL SMTP Sender, to send email spam en masse. It later expanded into selling phishing kits for Microsoft 365 accounts, before eventually launching the W3LL store — a members-only darknet marketplace with over 500 active users and 12,000 items, generating over $500,000 in sales in just 10 months.

The W3LL store is famed for the W3LL panel, which is an advanced phishing kit designed to help threat actors bypass MFA in their attacks. The panel is compatible with a range of similarly customized tools, all designed to provide a one-stop shop for business email compromise (BEC) phishing threat actors. The W3LL panel has linked to 850 phishing sites over the last ten months, according to Group-IB.

Group-IB warns that such underground shops are continuously driving innovation among phishing developers who strive to enhance their malicious tools through the introduction of new features and approaches.

Anton Ushakov, deputy head of Group-IB's high-tech crime investigation department, Europe, states, "What really makes the W3LL store and its products stand out from other underground markets is the fact that W3LL created not just a marketplace but a complex phishing ecosystem with a fully compatible custom toolset that covers almost the entire kill chain of BEC attacks and can be used by cybercriminals of all technical skill levels."

High Demand for Phishing Tools

Phishing continues to be a popular means for cybercriminals to obtain confidential information, with data breaches resulting from phishing attacks across the globe. Phishing techniques are also evolving as criminals seek new ways to dupe victims.

With W3LL being a prime example, the cybersecurity community warns that the growing demand for phishing tools and the resulting underground market is attracting increasing numbers of vendors, each of whom has to innovate continuously to stay ahead of the competition.

This competition among vendors in the underground market drives continuous innovation, resulting in new and improved malicious tools that enable phishing developers to enhance the efficiency of their operations through new features and approaches.

With such competition likely to continue, security analysts warn that organizations need to continue to monitor emerging threats, update their system procedures accordingly, and create awareness around phishing attacks, especially among employees handling confidential information. New-school security awareness training and education is the ticket.

Phil Muncaster of InfoSecurity Mag has the full story.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Topics: Phishing, MFA

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews