Security News > 2022 > August > Phishing attacks abusing SaaS platforms see a massive 1,100% growth

Threat actors are increasingly abusing legitimate software-as-a-service platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials.
Because SaaS platforms simplify and streamline the process of creating new sites, phishing actors can easily switch to different themes, scale up or diversify their operations, and quickly respond to reports and takedowns.
Unit 42 has divided the abused platforms into six categories: file sharing and hosting sites, form and survey builders, website builders, note-taking and documentation writing platforms, and personal portfolio spaces.
The Unit 42 report explains that in many cases, the phishing actors host their credential stealing pages directly on the abused services, so they send an email to targets containing a URL leading to the page.
The phishing site can be hosted on a bulletproof service provider that doesn't respond to takedown requests, so the phishing actors follow that practice to increase campaign uptime while sacrificing the conversion rate.
Stopping the abuse of legitimate SaaS platforms will be very hard, as implementing aggressive email filters against those services isn't a choice.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)