Cybersecurity Dive reported:
W3LL, a referral-based dark web marketplace, sells multiple phishing tools and custom phishing kits that bypass multifactor authentication and specifically target Microsoft 365 business accounts, the researchers said. The store has more than 500 active users.
Threat actors used the phishing tools to target more than 56,000 corporate Microsoft 365 accounts in the U.S., Australia and Europe from last October through July, according to Group-IB. Microsoft did respond to a request for comment.
“The tools provided even demonstrate that, although useful, MFA is not a silver bullet when it comes to account takeovers due to credential theft,” Erich Kron, security awareness advocate at KnowBe4, said via email.
Threat actors used the phishing tools to target more than 56,000 corporate Microsoft 365 accounts in the U.S., Australia and Europe from last October through July, according to Group-IB. Microsoft did respond to a request for comment.
“The tools provided even demonstrate that, although useful, MFA is not a silver bullet when it comes to account takeovers due to credential theft,” Erich Kron, security awareness advocate at KnowBe4, said via email.
Find the original article and read more here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat