Phishing attacks abusing SaaS platforms see a massive 1,100% growth (Security News, August 2022)

Threat actors are increasingly abusing legitimate software-as-a-service platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials.
Because SaaS platforms simplify and streamline the process of creating new sites, phishing actors can easily switch to different themes, scale up or diversify their operations, and quickly respond to reports and takedowns.
Unit 42 has divided the abused platforms into six categories: file sharing and hosting sites, form and survey builders, website builders, note-taking and documentation writing platforms, and personal portfolio spaces.
The Unit 42 report explains that in many cases, the phishing actors host their credential-stealing pages directly on the abused services, so they send targets an email containing a URL that leads to the page.
The phishing site can be hosted on a bulletproof service provider that doesn't respond to takedown requests, so the phishing actors follow that practice to increase campaign uptime while sacrificing the conversion rate.
Stopping the abuse of legitimate SaaS platforms will be very hard, as implementing aggressive email filters against those services isn't an option.