Massive Increase in SaaS Phishing Attacks
September 8, 2022

Threat actors have been abusing legitimate software-as-a-service (SaaS) platforms
such as website builders and personal branding spaces to create malicious phishing
websites that steal login credentials. Palo Alto Networks Unit 42 reports that
researchers have seen a sharp rise in abuse, with the data collected showing a
massive increase of 1,100% from June 2021 to June 2022. Using SaaS for phishing
allows phishing actors to evade alerts from email security systems and bypass the need
to code legitimate-appearing websites. In addition, phishing actors can easily switch to
different themes, scale up or diversify their operations, and quickly respond to reports
and takedowns because SaaS platforms simplify and streamline the process of creating
new sites.
Abused platforms have been divided into six categories by Unit 42: file sharing and
hosting sites, form and survey builders, website builders, note-taking and
documentation writing platforms, and personal portfolio spaces. Although there has
been growth in abuse across all categories, the most significant has been in website
builders, collaboration platforms, and form builders. Stopping the abuse of legitimate
SaaS platforms will be very difficult, however, which makes them so suitable for
phishing campaigns and why the rise in their abuse since last year has been so
startling.
Read full article at:
Get our free daily newsletter
Subscribe for the latest news and business legal developments.
Read this next
Top 100 Litigator Sues Blue Cross Over His Cancer Treatment
In 2018, Robert Salim, 67, realized he was seriously ill. After numerous […]
Financial Industry Suing to Foil New Regulations
New rules aimed at lenders, investment funds, and other financial entities would […]
GC Must Warn Boards Of AI Risks
There are companies investing hundreds of millions of dollars or more into […]