Why build phishing pages from scratch when legitimate sites can be abused to do the same job? That’s the approach threat actors have been taking as attacks against Software-as-a-Service (SaaS) platforms increase drastically. Research by Unit 42 has revealed the details.

Diving into details

  • From June 2021 to June 2022, the abuse of SaaS platforms rose by 1,100%.
  • The exploited platforms have been classified into six categories, namely website builders, file sharing and hosting sites, note-taking and documentation writing platforms, form and survey builders, and personal portfolio builders.
  • Form builders, website builders, and collaboration platforms were the most abused.

Why this matters

  • Because the phishing URLs are hosted on legitimate domains, it is challenging for phishing detection engines to identify the attacks.
  • Moreover, these platforms require little to no coding experience, lowering the barrier to entry for designing and launching phishing attacks.
  • Abusing SaaS platforms allows phishers to evade alerts from email security systems and take advantage of high availability.
  • These platforms also simplify and streamline the process of building new sites, so attackers can effortlessly switch between themes, diversify operations, and rapidly respond to takedowns and reports.
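
The detection gap described above, shown as an added example (not code from Unit 42 or Cyware): a reputation-only check clears a page built on a SaaS platform, while a content-aware check does not. The domain suffixes, URL, HTML and verdict strings are constructed placeholders, and flagging on a password field is an assumed policy.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: constructed placeholder suffixes standing in for the user-content
# domains of SaaS platforms (form builders, website builders, note-taking sites).
USER_CONTENT_SUFFIXES = ("forms.example", "sitebuilder.example", "notes.example")


class CredentialFormFinder(HTMLParser):
    """Records whether a page contains a password input field."""

    def __init__(self):
        super().__init__()
        self.asks_for_password = False

    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.asks_for_password = True


def under_any(url, domains):
    """True if the URL's host equals, or is a subdomain of, one of the domains."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def reputation_only(url, reputable):
    """Weak check: trust every URL whose host sits under a reputable domain."""
    return under_any(url, reputable)


def triage(url, html):
    """Content-aware check: domain reputation never clears user-built pages."""
    if not under_any(url, USER_CONTENT_SUFFIXES):
        return "defer to domain reputation"
    finder = CredentialFormFinder()
    finder.feed(html)
    if finder.asks_for_password:
        return "flag: credential form on user-built SaaS page"
    return "inspect: user-built content, reputation not applicable"


# Constructed sample: a login lookalike built on a placeholder form builder.
SAMPLE_URL = "https://forms.example/f/account-verify"
SAMPLE_HTML = '<form><input name="u"><input type="PASSWORD" name="p"></form>'

if __name__ == "__main__":
    print("reputation-only trusts it:", reputation_only(SAMPLE_URL, {"forms.example"}))
    print("content-aware verdict:    ", triage(SAMPLE_URL, SAMPLE_HTML))
```
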

Notable phishing techniques

  • Just a few days back, three independent threat actors (Silent Ransom Group, Quantum, and Roy/Zeon) were found using BazarCall phishing tactics to gain access to target networks.
  • In a new phishing campaign, threat actors used Hostinger’s preview domain features to target Indian banking customers.
  • Earlier this month, Cofense spotted a unique credential harvesting campaign that included a countdown timer in the phishing email to scare targets into giving up their credentials.

The bottom line

All this suggests that just because a URL is hosted on a legitimate domain doesn’t mean that the URL is trustworthy. Therefore, dear users, be careful while entering your credentials into an online platform. Moreover, be suspicious of weird emails and always check their language.
Cyware Publisher