Breaking

SaaS platforms are targeted by hackers with 1100% rise in phishing attacks

Cybercriminals are continuously targeting SaaS solutions and platforms to create dubious websites and steal login credentials. As per Palo Alto Networks Uni 42 report, experts have identified a sudden increase in such malicious patterns with a rise of 1100% in the last one year.

Hackers employ SaaS platforms to evade alerts via emails, high availability of the platform, and to bypass coding procedures as there is a legitimate looking website already which yields results for them.

And since customization comes with SaaS platforms, the threat actors can easily exploit this feature to redefine their websites for new targets.

SaaS platform services exploited by hackers in general

As per Unit42 report, hackers exploit six prime categories of services offered by SaaS platforms,

  • File sharing and hosting sites
  • Website builders
  • Note-taking
  • Documentation writing platforms
  • Form and survey builders
  • Personal portfolio builders

In 2021, a report from Cyren mentioned that the hackers exploited “typeform.com” for phishing and another report from Trend Micro stated that “123formbuilder.com”, “smartsuvey.co.uk”, and “formtools.com” were exploited. Even “Canva.com” has been exploited as per Cofense.

How hackers are abusing the SaaS platform services?

The hackers are said to be hosting their credential stealing webpages through phishing on the above-mentioned services, and blast a mail to targets with the malicious URL in it.

These malicious phished sites are hosted on a bulletproof-service provider thus the uptime of the site will be longer.

In the worst case, if the phished sites are taken down, threat actors can modify the links and redirect the targeted users to a new credential stealing page, thus increasing the success rate of their phishing campaign.

How to stay away from such maliciously phished SaaS websites?

It will be difficult to drop email security filters against these SaaS platforms as they are legitimate sites and their communications are required for our personal or business needs. This is exactly why threat actors employ this phishing strategy and the campaign has better success rates.

Now targeted users need to understand the content of the email and the purpose of it. If there is legitimate looking email from a SaaS platform, it is always good to see if there are any emergencies, fear, and caution alerts.

If its so, its best to cross-verify the same from the SaaS platform website directly without navigating via links, users can also try to contact the original providers via Telephone if its possible.

Any alarming, fearsome, urgency or rewarding emails are highly associated with phishing campaigns.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, and Twitter. You can reach out to us via Twitter/ Facebook or mail us at admin@thecybersecuritytimes.com for advertising requests.

Share the article with your friends
John Greenwood

He has been working with Cybersec and Infosec market for 12+ years now. Passionate about AI, Cybersecurity, Info security, Blockchain and Machine Learning. When he is not occupied with cybersecurity, he likes to go on bike rides!

Recent Posts

Best Microsoft Intune Alternatives: Top 5 MDMs to Consider

Explore the top 5 best Microsoft Intune alternatives, comparing key features, user reviews, and capabilities…

1 day ago

Top 7 Best Smartphones with Best Security Features in 2024

Discover the top 7 smartphones of 2024 with best security features, offering privacy, performance, and…

3 weeks ago

Top 11 Log Management Tools for Efficient System Management

Discover the top 11 log management tools for efficient system management and monitoring. Learn about…

2 months ago

Top 5 Threat Intelligence Tools For 2024

Explore the top 5 threat intelligence tools, their features, and how they enhance cybersecurity against…

2 months ago

Privileged Access Management: 5 Best PAM Solutions in the Market

Explore the top 5 best PAM Tools, market trends, and expert insights to secure the…

2 months ago

Apple Device Management: Top Solutions for iOS and macOS Management

Explore the top solutions for Apple Device Management including to iOS Device Management and macOS…

2 months ago