The use of software platforms as a service legitimate as vehicles for launch, distribute and advertise campaigns and attacks is increasingly attractive to cybercriminals. So much so that the use they make of SaaS platforms for their attacks has risen 1,100% between June of last year and the same month of 2022.
To do this, attackers abuse legal software-as-a-service sites and services. These include file sharing sites, hosting tools, and form and survey creation platforms. Even from web page design platforms and collaboration utilities. This is how he picks it upa Palo Alto Networks cybersecurity division, Unit 42in a report.
According to this division, the popularity of these types of attack platforms is probably due to the fact that they are legal sites, and as such, they can often pass various anti-fraud and anti-scam filters without problems. Among them, the main email security solutions. But also because they are very comfortable services and that they are really easy to use. As a result, campaigns can be scaled up or scaled down fairly quickly, which is good for cyber attackers.
Another major attraction of software-as-a-service platforms for attack is that if law enforcement manages to shut down a phishing page, for example, attackers are left with no source for their activity until they develop another. But with software-as-a-service platforms, all they have to do is change the link they’re using and point it to another page. Without having to write a single line of code.
This also removes barriers to cybercriminals, who no longer need advanced programming and computer skills to carry out their malicious activities. The tools that are developed for attacks through software-as-a-service platforms are also designed to be so easy to use that even novices can take advantage of them.
Stopping the abuse that cybercriminals are making of SaaS platforms to launch their attacks can be quite complicated, due to the implications that the systems used as a solution for blocking these attacks can have. For example, in the case of filters that can be installed on email platforms to prevent their abuse, very aggressive and restrictive, they can end up causing significant damage to legitimate platform users: problems sending and receiving mail or blocking of attachments are just some of the problems they can have.
