By Brady Hicks SaaS Under Attack The sneaky underworld of SaaS penetration Every day, legitimate bad actors are finding new ways to infiltrate operations, steal critical data and prey on the mistakes made by a remote workforce. Traditionally, these attacks often have come by luring users to log into a spoofed site and stealing their credentials. Most often, threat actors sought to gain user trust by appearing as a link in one’s email from a seemingly legitimate source, whether an established business or a trusted contact. Sometimes they include nonsensical threats. Other times, it’s more of a numbers game. Now, according to new data published by Palo Alto Networks, a new method of fostering trust has emerged that is far more sinister – and difficult to detect. Cybercriminals are now targeting SaaS (software as a service) platforms, which are otherwise used in an official capacity, to host their own deceptive phishing scams. With this tactic, the victim is conned into believing he or she is logging into a legitimate interface, as it totally appears to be one. The phishing page is posted on the authentic platform and can take the form of everything from website builders to form generators to blogs and other communications software. All to the tune of a 1,100 percent increase in attacks over the single-year period from June 2021 to June 2022. 14 THE CHANNEL MANAGER’S PLAYBOOK
RkJQdWJsaXNoZXIy NTg4Njc=