Security News > 2022 > August > Phishing attacks abusing SaaS platforms see a massive 1,100% growth
Threat actors are increasingly abusing legitimate software-as-a-service platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials.
Because SaaS platforms simplify and streamline the process of creating new sites, phishing actors can easily switch to different themes, scale up or diversify their operations, and quickly respond to reports and takedowns.
Unit 42 has divided the abused platforms into six categories: file sharing and hosting sites, form and survey builders, website builders, note-taking and documentation writing platforms, and personal portfolio spaces.
The Unit 42 report explains that in many cases, the phishing actors host their credential stealing pages directly on the abused services, so they send an email to targets containing a URL leading to the page.
The phishing site can be hosted on a bulletproof service provider that doesn't respond to takedown requests, so the phishing actors follow that practice to increase campaign uptime while sacrificing the conversion rate.
Stopping the abuse of legitimate SaaS platforms will be very hard, as implementing aggressive email filters against those services isn't a choice.
News URL
Related news
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)