SaaS platforms are targeted by hackers with 1100% rise in phishing attacks

Cybercriminals are continuously targeting SaaS solutions and platforms to create dubious websites and steal login credentials. As per Palo Alto Networks Uni 42 report, experts have identified a sudden increase in such malicious patterns with a rise of 1100% in the last one year.

Hackers employ SaaS platforms to evade alerts via emails, high availability of the platform, and to bypass coding procedures as there is a legitimate looking website already which yields results for them.

And since customization comes with SaaS platforms, the threat actors can easily exploit this feature to redefine their websites for new targets.

SaaS platform services exploited by hackers in general

As per Unit42 report, hackers exploit six prime categories of services offered by SaaS platforms,

• File sharing and hosting sites
• Website builders
• Note-taking
• Documentation writing platforms
• Form and survey builders
• Personal portfolio builders

In 2021, a report from Cyren mentioned that the hackers exploited “typeform.com” for phishing and another report from Trend Micro stated that “123formbuilder.com”, “smartsuvey.co.uk”, and “formtools.com” were exploited. Even “Canva.com” has been exploited as per Cofense.

How hackers are abusing the SaaS platform services?

The hackers are said to be hosting their credential stealing webpages through phishing on the above-mentioned services, and blast a mail to targets with the malicious URL in it.

These malicious phished sites are hosted on a bulletproof-service provider thus the uptime of the site will be longer.

In the worst case, if the phished sites are taken down, threat actors can modify the links and redirect the targeted users to a new credential stealing page, thus increasing the success rate of their phishing campaign.

How to stay away from such maliciously phished SaaS websites?

It will be difficult to drop email security filters against these SaaS platforms as they are legitimate sites and their communications are required for our personal or business needs. This is exactly why threat actors employ this phishing strategy and the campaign has better success rates.

Now targeted users need to understand the content of the email and the purpose of it. If there is legitimate looking email from a SaaS platform, it is always good to see if there are any emergencies, fear, and caution alerts.

If its so, its best to cross-verify the same from the SaaS platform website directly without navigating via links, users can also try to contact the original providers via Telephone if its possible.

Any alarming, fearsome, urgency or rewarding emails are highly associated with phishing campaigns.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter. You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.