As Business Email Compromise (BEC) becomes more prevalent, Group-IB uncovers the developing tactics, tools, and infrastructure employed by specific threat groups orchestrating the attacks.
Discover the shift in attack strategies as adversaries evolve from low-skilled fraudsters to sophisticated criminal networks. With phishing remaining an integral intrusion vector in BEC attacks, this report delves into this trend using the case of the W3LL threat actor’s BEC-focused phishing operation.
Group-IB experts conducted a detailed analysis of the main trends in BEC, scrutinizing the W3LL phishing ecosystem, their underground marketplace, linear evolution, and how they compromise business email accounts utilizing W3LL tools. To counter this formidable threat, the report highlights concrete mitigation steps to prevent the incidence and impact of BEC attacks for various organizations.
The W3LL phishing tools ecosystem
W3LL enterprise is a private all-in-one ecosystem of phishing tools, specifically designed to compromise corporate email accounts. According to Group-IB’s rough estimates, W3LL’s Store’s turnover for the last 10 months may have reached $500,000.
Private club of threat actors
Around 500 individual threat actors of various proficiency in cybercrime are using extremely efficient W3LL tools to conduct BEC-focused phishing campaigns.
W3LL's primary weapon
W3LL Panel OV6 - a fully automated private phishing kit with adversary-in-the-middle technique is implemented, allowing criminals to bypass the benefits of 2FA.
As of August 2023, in addition to the W3LL Panel phishing kit, the marketplace offers 16 other fully customized tools covering almost the entire BEC kill chain, including SMTP senders, phishing kit, account discovery instruments, reconnaissance tools, and more for conducting complex and highly effective BEC phishing campaigns.
Targeted regions and sectors
W3LL phishing tool kit is being used in attacks all over the world - with over 56,000 corporate Microsoft 365 accounts targeted in the USA, UK, Australia, and Europe between October 2022 and July 2023. Industries frequently affected include manufacturing, IT, financial services, consulting, healthcare, and legal services.
Emerging trends in BEC attacks
Learn about the new techniques implemented by threat actors like adversary-in-the-middle phishing kits, phishing email attachments, advanced traffic filtering, etc, to improve the efficiency of their attacks.
Modern BEC toolset
Know the full spectrum of unique tools used by well-organized criminal businesses to execute successful phishing operations.
The kill chain of recent BEC attacks
Learn about the attack schemes and tactics employed by threat actors to manipulate victims and compromise their corporate accounts.
Organization of the advanced cybercriminal group
Gain insight into the structure of modern cybercrime communities and the factors that make their attacks most effective.
Protection and mitigation recommendations
Arm yourself with the knowledge provided by Group-IB experts on efficient defense measures against BEC attacks, one of the most dangerous cyber threats in the world.
Regardless of the scheme chosen by the threat actors, the overall impact on a company that has suffered a BEC attack is financial loss (from several thousand to several million euros), data leaks, reputational damage, claims for compensation, and even lawsuits.
Activate advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.