- Palo Alto Networks Unit 42 has noticed an increase in phishing attempts through SaaS platforms and decided to investigate it further.
- The result of the research shows that there is a 1,100% year-over-year increase in the phishing attempts that uses SaaS platforms.
- Notetaking/collaboration, design/prototyping, and website builders are the most common platform types that malicious actors utilize.
Hackers are pushing forward with many innovative ways of hacking their targets and the human factor is an important aspect of it. In the last couple of months, we have seen many phishing attempts that try to deceive people to click links or install malware on their systems. Palo Alto Networks Unit 42 has made research about this issue.
Deceiving users with legitimate platforms
Many organizations nowadays take advantage of Software-as-a-Service (SaaS) platforms to store files, build websites, and enable collaboration. The researchers have recently noticed that those platforms are being utilized by malicious actors for phishing attempts. and decided to investigate. The report shows there is a huge spike in phishing attempts through legitimate SaaS platforms.
The graph shows that there is a year-over-year 1,100% increase in platform-abuse phishing URLs per week. Also, there is a noticeable spike that begins in late February then its rise further accelerates in mid-April. When we check the types of the services by SaaS platforms, we can see that the notetaking/collaboration category is the most abused one, slightly more frequent than the design/prototyping and website builders categories.
Unit 42 gives some examples of phishing through legitimate SaaS platforms and states that the threat actors generally set up their landing pages with credential stealing capabilities directly on the platforms. However, some of the cases show that they redirect the victims to another page that is hosted on a harder-to-takedown service provider. While this move reduces the success rate of the phishing attempt, in case of a takedown, it is also easier to set up again and start over.