
Hackers Using a New Undetectable SaaS-to-SaaS Phishing Technique

While most phishing attacks are delivered via email, researchers have noted a rise in other delivery methods such as video conferencing platforms, workforce messaging apps, cloud-based file-sharing platforms, and SMS. Below are details about the new SaaS-to-SaaS phishing technique and other novel phishing techniques in use.

SaaS-to-SaaS phishing attack

The SaaS-to-SaaS phishing attack technique is a hard-to-detect method wherein attackers use a multi-stage attack chain.
  • This phishing attack starts with the delivery of a fake invoice, secure document, or PDF hosted on cloud services.
  • The document is either downloaded or made available through the cloud service so that the user can open the PDF for viewing.

These phishing emails are hard to detect at scan time because their components, including the content and URLs, appear legitimate.

Multi-stage cloud phishing attack

Hackers are actively using multi-stage cloud phishing techniques that combine traditional phishing with second-phase or even third-phase actions.
  • Attackers steal an employee’s email and establish a new Office 365 account on a rogue device in the victim’s name.
  • Further, they use the victim’s legitimate user account (established on the rogue device) to internally send phishing emails to other employees or to their customers.
  • They steal other employees' accounts through internal phishing and by deploying malware on the compromised systems.
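
Detection logic for the chain above, added here as an example and not taken from the article or any vendor: it flags a newly registered device that sends mail to several internal recipients shortly after registration. The event records, field names, domain, and thresholds are all constructed assumptions, and the example covers only the internal-recipient case.

```python
from datetime import datetime, timedelta

INTERNAL_DOMAIN = "example.com"      # assumption: the organisation's mail domain
WINDOW = timedelta(hours=24)         # assumption: how long a new device stays "suspect"
MIN_INTERNAL_RECIPIENTS = 3          # assumption: burst size worth alerting on

# Constructed sample events; field names are hypothetical, not a real log schema.
EVENTS = [
    {"time": "2023-01-10T08:00", "type": "mail_sent", "user": "alice@example.com",
     "device": "LAPTOP-A1", "to": ["bob@example.com"]},
    {"time": "2023-01-10T09:15", "type": "device_registered", "user": "alice@example.com",
     "device": "ROGUE-77"},
    {"time": "2023-01-10T09:40", "type": "mail_sent", "user": "alice@example.com",
     "device": "ROGUE-77",
     "to": ["bob@example.com", "carol@example.com", "dave@example.com", "x@partner.test"]},
    {"time": "2023-01-10T10:00", "type": "device_registered", "user": "bob@example.com",
     "device": "PHONE-B2"},
    {"time": "2023-01-10T10:05", "type": "mail_sent", "user": "bob@example.com",
     "device": "PHONE-B2", "to": ["alice@example.com"]},
]

def find_rogue_device_phishing(events):
    """Flag users whose newly registered device sends a burst of internal mail."""
    new_devices = {}    # (user, device) -> registration time
    internal_seen = {}  # (user, device) -> internal recipients since registration
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["user"], ev["device"])
        if ev["type"] == "device_registered":
            new_devices[key] = ts
            internal_seen[key] = set()
        elif ev["type"] == "mail_sent" and key in new_devices:
            if ts - new_devices[key] > WINDOW:
                continue  # device is past the suspect window
            internal = {r for r in ev["to"] if r.endswith("@" + INTERNAL_DOMAIN)}
            before = len(internal_seen[key])
            internal_seen[key] |= internal
            # Alert once, when the distinct-recipient count first crosses the threshold.
            if before < MIN_INTERNAL_RECIPIENTS <= len(internal_seen[key]):
                alerts.append({"user": ev["user"], "device": ev["device"],
                               "registered": new_devices[key].isoformat(),
                               "internal_recipients": sorted(internal_seen[key])})
    return alerts

if __name__ == "__main__":
    for alert in find_rogue_device_phishing(EVENTS):
        print(alert)
```
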

Other novel phishing techniques

Last month, experts demonstrated how complex attacks can be automated to create a full infection flow, from spear-phishing to reverse shell, using AI models.
  • With the addition of an AI chatbot, attackers can generate millions of spear-phishing messages, multiple scripts with variations, and other malicious artifacts in seconds.
  • Hackers are using smishing (SMS + phishing), QRishing (QR codes + phishing), and combinations of smishing, QRishing, and social engineering tactics, delivered to victims via cloud hosting platforms.
  • Last year, attackers used the above-mentioned techniques to launch several prominent attacks against LinkedIn, Microsoft Azure AD, Dropbox, Uber, and other companies.

Stay safe

Users are advised to learn from these trends and incidents to better manage the related risks, and to adopt a zero-trust architecture for email security.
Cyware Publisher
