Oasis Ticket Sales Scams: How to Stay Safe
During our weekly meetings with the banking industry and Police Scotland, we continue to see a significant increase in ticket scams over the last three…
Threat Actors Using Legitimate Software-As-A-Service Platforms to Create Malicious Phishing Websites
Description:
The number of phishing attacks using legitimate software-as-a-service (SaaS) platforms has risen by 1100% since June 2021, according to a report published by Palo Alto Networks Unit 42. Notably, there has been a recent huge spike in the number of detected phishing URLs hosted on SaaS platforms since May 2022.
Many threat actors use these platforms to get around URL detection systems, such as those used to scan emails. By hosting their malicious site on a legitimate platform, a phishing email containing a link to one of these sites is less likely to be flagged as malicious and has a higher chance of reaching the intended target.
Unit 42 has noted that as many of these SaaS platforms are designed to be easy to use with little or no coding skills required, the barrier for entry to creating and launching phishing attacks has been significantly lowered, perhaps contributing to the recent sharp rise in phishing URL’s detected and created using SaaS.
Preventions:
Phishing attacks are one of the most used methods by hackers to gain access to a system. To reduce the chances of a phishing attack from becoming successful:
- Turn on spam filters and investigate possible anti-phishing solutions. Using systems that detect phishing emails can help prevent these emails from reaching your users.
- Train staff to spot the signs of a phishing attack, such as looking for spelling mistakes, bad grammar, odd email handles and urgent requests.
- Should a phishing email land in your inbox, notify all staff to look out for similar emails. If possible, block the email domain and IP address.
- Create an atmosphere of trust within your organisation – ask staff to report any phishing emails as soon as possible, especially if they have clicked on any links or files within the email.
Related Links:
https://unit42.paloaltonetworks.com/platform-abuse-phishing/ – Published August 23rd
Related articles
Alert: Unpatched Microsoft Office Vulnerability Exposes NTLM Hashes
Microsoft has recently disclosed a significant security vulnerability affecting multiple versions of its Office suite, including Office 2016, Office 2019, Office LTSC 2021 and Microsoft…
Public Alert: Windows 11 End of Support – Action Required
Microsoft has issued an important reminder that multiple editions of Windows 11 will reach the end of their support lifecycle on 8 October 2024. This…