Cybercriminals are increasingly turning towards legitimate Software-as-a-Service (SaaS (opens in new tab)) solutions to launch, distribute, and advertise their campaigns, security researchers have reported.
Unit 42, the cybersecurity arm of Palo Alto Networks, has published a report which found the abuse of such services soared by 1,100% in a span of a year between June 2021 and 2022.
All kinds of services are being abused: file sharing sites, hosting tools, form and survey builders, website design sites, and collaboration tools, to name a few. Website builders, collaboration platforms, and form builders were also said to have experienced the highest uptick in abuse in the last year.
Saving time and money
Unit 42 says the rising popularity of these tools among crooks can be attributed, first and foremost, to the fact that they are legitimate, and as such, often pass through various fraud and scam filters, including email security solutions.
But it can also be attributed to the fact that they’re super easy and convenient to use, and allow for the quick upscaling and downscaling of campaigns.
What’s more, should law enforcement agencies take down a phishing page, for example, the crooks can simply change the link and have it point elsewhere, while avoiding the gruntwork of having to design the page from scratch. That being said, the tools are built with newbies in mind, which eliminates the need to know how to code, or be well-versed in website, or form, design.
Palo Alto Networks isn’t the only company warning about the abuse of legitimate SaaS solutions, either. As reported by BleepingComputer, Cyren has been warning about the “rampant abuse” of typeform.com since mid-2021, while Trend Micro warned of 123formbuilder.com, formtools.com, as well as smartsurvey.co.uk. Cofense was warning about the abuse of canva.com, as well.
Stopping the abuse of these services, the publication says, will be relatively challenging, as implementing “aggressive email filters” can do more harm than good.
Via: BleepingComputer (opens in new tab)
