Massive Increase in SaaS Phishing Attacks

Threat actors have been abusing legitimate software-as-a-service (SaaS) platforms
such as website builders and personal branding spaces to create malicious phishing
websites that steal login credentials. Palo Alto Networks Unit 42 reports that
researchers have seen a sharp rise in abuse, with the data collected showing a
massive increase of 1,100% from June 2021 to June 2022. Using SaaS for phishing
allows phishing actors to evade alerts from email security systems and bypass the need
to code legitimate-appearing websites. In addition, phishing actors can easily switch to
different themes, scale up or diversify their operations, and quickly respond to reports
and takedowns because SaaS platforms simplify and streamline the process of creating
new sites.
Abused platforms have been divided into six categories by Unit 42: file sharing and
hosting sites, form and survey builders, website builders, note-taking and
documentation writing platforms, and personal portfolio spaces. Although there has
been growth in abuse across all categories, the most significant has been in website
builders, collaboration platforms, and form builders. Stopping the abuse of legitimate
SaaS platforms will be very difficult, however, which makes them so suitable for
phishing campaigns and why the rise in their abuse since last year has been so
startling.