SaaS platforms are facing more phishing attacks than ever

Phishing
(Image credit: wk1003mike / Shutterstock)

Cybercriminals are increasingly turning towards legitimate Software-as-a-Service (SaaS) solutions to launch, distribute, and advertise their campaigns, security researchers have reported.

Unit 42, the cybersecurity arm of Palo Alto Networks, has published a report which  found the abuse of such services soared by 1,100% in a span of a year between June 2021 and 2022. 

All kinds of services are being abused: file sharing sites, hosting tools, form and survey builders, website design sites, and collaboration tools, to name a few. Website builders, collaboration platforms, and form builders were also said to have experienced the highest uptick in abuse in the last year. 

Saving time and money

Unit 42 says the rising popularity of these tools among crooks can be attributed, first and foremost, to the fact that they are legitimate, and as such, often pass through various fraud and scam filters, including email security solutions. 

But it can also be attributed to the fact that they’re super easy and convenient to use, and allow for the quick upscaling and downscaling of campaigns. 

What’s more, should law enforcement agencies take down a phishing page, for example, the crooks can simply change the link and have it point elsewhere, while avoiding the gruntwork of having to design the page from scratch. That being said, the tools are built with newbies in mind, which eliminates the need to know how to code, or be well-versed in website, or form, design. 

Palo Alto Networks isn’t the only company warning about the abuse of legitimate SaaS solutions, either. As reported by BleepingComputer, Cyren has been warning about the “rampant abuse” of typeform.com since mid-2021, while Trend Micro warned of 123formbuilder.com, formtools.com, as well as smartsurvey.co.uk. Cofense was warning about the abuse of canva.com, as well.

Stopping the abuse of these services, the publication says, will be relatively challenging, as implementing “aggressive email filters” can do more harm than good.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
Phishing
Corporate executives are being increasingly targeted by AI phishing scams
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
unblock facebook with vpn
A new Facebook phishing campaign looks to trick you with emails sent from Salesforce
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
Latest in Security
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
A close-up photo of an iPhone, with the App Store icon prominent in the center of the image.
Thousands of iOS apps found to expose user data and leak Stripe keys
China
Chinese hackers targeting Juniper Networks routers, so patch now
Latest in News
NordicTrack Ultra 1
The new NordicTrack Ultra 1 treadmill looks like it was designed by an architect and costs $15,000
An Nvidia GeForce RTX 5070
Nvidia RTX 5080 stock is so barren that retailers are holding competitions where you can "win" the right to buy one for MSRP
Assassin's Creed Shadows
Ubisoft shareholder accuses publisher of 'misleading investors', plans protest outside Paris HQ
Google Gemini AI logo on a smartphone with Google background
I made an AI version of Bilbo Baggins using Goggle Gemini for free, and shared a pipe with him outside Bag End – here’s what you can now do with Gems
Nicole Kidman wears a blue blouse with her arms crossed.
Netflix might be renewing The Perfect Couple and Beauty in Black for season 2, but I don’t get why when it’s canceled shows with poorer ratings
The Russo brothers posing for a photograph and Herman carrying a Volkswagen camper van in The Electric State
'We're optimists': AI enthusiasts Joe and Anthony Russo defend its use in movies and TV shows, but admit there are 'very real dangers' around its application