Phishing Attacks Against SaaS Platforms Rise by 1,100%

Diving into details

• From June 2021 to June 2022, the abuse of SaaS platforms rose by 1,100%.
• The exploited platforms have been classified into six categories, namely website builders, file sharing and hosting sites, note-taking and documentation writing platforms, form and survey builders, and personal portfolio builders.
• However, form builders, website builders, and collaboration platforms were the most abused.

Why this matters

• As phishing URLs are being hosted in legitimate domains, it is challenging for phishing detection engines to identify the attacks.
• Moreover, these platforms require little to no coding experience, lowering the barrier to entry for designing and launching phishing attacks.
• Abusing SaaS platforms allows phishers to evade alerts from email security systems and take advantage of high availability. 
• In addition to the above, these platforms simplify and streamline the process of building new sites, implying that the attackers can effortlessly jump to various themes, diversify operations, and rapidly respond to takedowns and reports.

Notable phishing techniques

• Just a few days back, three autonomous threat actors—Silent Ransom Group, Quantum, and Roy/Zeon—were found using BazarCall phishing tactics to gain access to target networks. 
• A new phishing campaign witnessed threat actors using Hostinger’s preview domain features to target Indian banking customers. 
• Earlier this month, Cofense spotted a unique credential harvesting campaign that included a countdown timer in the phishing email to scare targets into giving up their credentials.

The bottom line