Massive Growth in Phishing Attacks Targeting SaaS Platforms

Clarity Blog Header sm 3

According to a new report by Palo Alto Networks, phishing attacks targeting SaaS platforms have experienced 1,100% growth. The report measured attacks on software-as-a-service (SaaS) platforms from June 2021 to June 2022. The increase was massive and alarming.

SaaS platforms include personal branding spaces, website builders, file sharing and hosting sites, form and survey builders, note-taking and documentation writing platforms, and personal portfolio spaces. Threat actors are creating malicious phishing websites that steal login credentials for these SaaS platforms.

Why are SaaS platforms being targeted? 

The function of many SaaS platforms is to simplify the process of creating something, such as a new website. Cybercriminals benefit from this because they don’t have to learn new code to create a legitimate-looking website to fool victims. With SaaS platforms, threat actors can switch between different website themes and quickly respond to takedowns and reports. In summary, SaaS platforms are a quick and easy target for cybercriminals.

Significant findings from the Palo Alto Networks Report

  • Overall targeted SaaS platforms grew by 1,100% in 12 months (June 2021 to June 2022).
  • All SaaS categories were targeted, but the most highly targeted types were collaboration platforms, website builders, and form builders.
  • There was a notable increase in targeted form builders in October 2021. The reason is unknown.

How are cybercriminals using SaaS platforms to target their victims?

Two main ways: 

  1. By hosting their credential stealing pages directly on the compromised site. This way, they can send an email to victims containing a URL leading directly to the page.
  2. When the compromised landing page doesn’t include credential-stealing forms, cyber criminals use a link that takes the victim through a redirection step to another malicious site.

How can you avoid a compromised SaaS platform?

SaaS platform targeting is here to stay. Often offering a quick and easy target, cybercriminals will continue to set their sights on a wide range of SaaS platforms.

To protect yourself and your organization, avoid clicking embedded links or buttons or taking action if pop-ups or emails request quick action. Always check with your IT person or IT team before clicking unknown links or taking action based on an email or other message.

If you think you or your organization may have fallen victim to a SaaS platform attack, Clarity Technology Group can help. We support small to medium-sized businesses in the Greater Madison, WI area with managed IT services. Get in touch with the Clarity Technology Group team here