Why SaaS? By its nature, a SaaS environment is designed to provide a low- or no-code experience for its users. Unfortunately, this also allows malicious actors to more easily copy and modify pages to use for their own means. With minimal effort, the cybercriminal can create a spoofed page to collect user logins and sensitive information. And, because it resides on an existing, trusted domain, it is better at (a) luring users and (b) evading detection. It’s been so effective, in fact, that Palo Alto observed a “significant” jump in “platform-abuse phishing URLs” since the onset of 2020. Coincidentally, this coincides with the sweeping work-from-home changes instituted due to COVID-19 quarantining. And, despite a slight lull last holiday season, the trend has been surging since February 2022. Common Targets Attacks ballooned from 2,000 per month (April 2022) to nearly 7,000 (June 2022). These assaults occurred almost regardless of SaaS platform use case and have been growing in frequency since the second half of 2021. Palo Alto detailed the most commonly observed attacks as: Personal Branding, which is used primarily to list personal social media, professional sites and portfolios. According to research presented by email security provider Cofense, attackers use these types of platforms because they present a more difficult obstacle toward identifying hosted dangers, especially versus those offered by the top cloud providers. Essentially, they work because they tend to remain undetected – and thus live – online for longer periods of time. Palo Alto noted nearly five existing URLs that were targeted by attacks, per week, over the period studied. Design/Prototyping, for drafting and trialing various web elements. Four attacks per week were observed through the course of the study. Note-Taking/Collaboration, assisting detailed logs, other documents and dashboard creation. Palo Alto recorded just more than three strikes per week in this area. Website Building, which uses a low- or no-code environment to help quickly generate websites. Two attacks per week were noted. Form Building, for creating custom forms and surveys. This area accounted for slightly more than one attack per week. File Sharing, which assists with file hosting and collaboration. Palo Alto logged approximately one attack every other week. The Takeaway Today’s businesses – especially those with a remote or hybrid workforce – need to be more judicious in monitoring SaaS activity. They should also be better equipped with advanced URL filtering and other cybersecurity options for detecting and eliminating these scams before they can do damage. You can no longer trust a URL just because you recognize the domain or platform behind it. That’s the downside to low- and no-code environments: intricate phishing scams can be implemented just as easily as legitimate tasks. And, more troublingly, most conventional cybersecurity techniques tend to miss them. Palo Alto recommends a hybrid approach to fighting these types of attacks, including: • Promoting awareness regarding credentials theft. • Flagging and confirming legitimacy for any request for login. • Being wary of recommendations for urgent or timely action. • Visiting sites directly rather than following links. • Employing URL filtering, with machine learning, to examine web content in detail. • Removing suspicious activity immediately when detected. J In other words, be careful. This trend isn’t likely to go away. Which activities are the most time-consuming? Number of Newly Discovered Phishing. URLs Hosted on Legitimate SaaS Platforms per Week Source: Palo Alto Networks 8000 6000 2020-04-01 2020-07-01 2020-10-01 2021-01-01 2021-04-01 2021-07-01 2021-10-01 2022-01-01 2022-04-01 4000 2000 0 Num. URLs (10-week Moving Average) Percentage of all Newly Discovered Phishing URLs Found Being Hosted on Legitimages SaaS Platforms Source: Palo Alto Networks 8000 6000 2020-04-01 2020-07-01 2020-10-01 2021-01-01 2021-04-01 2021-07-01 2021-10-01 2022-01-01 2022-04-01 4000 2000 0 Pct. Phishing URLs (10-week Moving Avg.) Routine or mundane administrative tasks Routine or mundane customer interactions Trying to find the answer or information Training 26% 34% 18% 14% 17% 14% 17% 17% 16 THE CHANNEL MANAGER’S PLAYBOOK
RkJQdWJsaXNoZXIy NTg4Njc=