Phishing Attacks Leveraging Legitamate SaaS Platforms Increased 1,100 Percent

As threat actors look for ways to evade detection by security solutions, the use of cloud applications has seen a material jump in the last 12 months, according to new data.

While we see plenty of cyberattacks that utilize dark infrastructure to accomplish malicious activities, threat actors are using the legitimacy of web-based application platforms to ensure phishing email delivery to the inbox.

In the latest report from Palo Alto Network’s Unit42, Legitimate SaaS Platforms Being Used to Host Phishing Attacks, we find that the increases are far more significant than expected. According to the report, the following types of SaaS platforms were included in their analysis of phishing URLs:

They found a staggering and continually increasing trend of misuse of these platforms to host phishing URLs. In the 12 months between June 2021 and June 2022, the number of malicious phishing URLs increased by 1,100%.

According to the report, these sites were used for many purposes, including:

• Design / Prototyping
• Website Building
• Form Building

The result is that malicious websites that look like legitimate brands are being used for attacks focusing on both credential theft and fraud.

And, given the “hockey stick” chart above, organizations should expect this to continue, making it more challenging to spot phishing emails via security solutions. This makes it necessary to employ users to play a role in identifying and stopping phishing emails – something they’ll need to be educated on via Security Awareness Training to do it effectively.

Information used in this article was provided by our partners at KnowBe4.