Phishing URLs increasingly hosted on SaaS platforms
According to Palo Alto Networks Unit 42 research, the rate of newly detected phishing URLs hosted on legitimate SaaS platforms has increased over 1100% in the last 2 years.
Popular SaaS platforms hosting phishing URLs include file sharing services, form and website builders, collaboration software and various online design/prototyping tools.
These SaaS tools make it easy to build pages and forms that mimic legitimate services without any coding experience, which lowers the barrier to carrying out attacks.
Furthermore, most SaaS URLs are implicitly trusted by web filtering and firewall protections in many organizations, and are sometimes whitelisted at the domain or certificate-name level.
The problem is further compounded by weak authentication practices at many SaaS providers. Recent research shows that many SaaS apps have inadequate password and authentication requirements that could leave users vulnerable, including allowing users to set weak and cracked passwords, with little or no strong authentication.
With new SaaS platforms continuing to rise in popularity, it is likely that trusted SaaS applications will be increasingly used to distribute phishing links, making it critical that URL filtering products are equipped to detect these types of phishing URLs. This means filtering not only at the domain level, but also on the content delivered by those domains.
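The gap between the two filtering levels, as an added sketch that is not code from Unit 42 or any filtering product: a domain allowlist passes a page hosted on a trusted SaaS domain, while a content check on the same page flags a credential form. The domains, brand list, sample pages and function names are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed assumptions: allowlisted SaaS domains and the brands being protected.
TRUSTED_SAAS = {"example-forms.test", "example-sites.test"}
BRAND_HOSTS = {"examplebank": "examplebank.test", "examplemail": "examplemail.test"}

class PageFeatures(HTMLParser):  # collects what a content-level filter inspects
    def __init__(self):
        super().__init__()
        self.password_fields = 0
        self.form_actions = []
        self.text = ""

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        elif tag == "form":
            self.form_actions.append(a.get("action") or "")

    def handle_data(self, data):
        self.text += data.lower() + " "

def registered_domain(url):
    # Naive last-two-labels match; a real filter would use the Public Suffix List.
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def domain_verdict(url):
    return "allow" if registered_domain(url) in TRUSTED_SAAS else "inspect"

def content_verdict(url, html):
    p = PageFeatures()
    p.feed(html)
    page_domain = registered_domain(url)
    reasons = []
    if p.password_fields:
        for brand, home in BRAND_HOSTS.items():
            if brand in p.text and page_domain != home:
                reasons.append(f"credential form naming {brand} served from {page_domain}")
    for action in p.form_actions:
        target = registered_domain(action) if action.startswith("http") else page_domain
        if p.password_fields and target != page_domain:
            reasons.append(f"password posted off-site to {target}")
    return ("block" if reasons else "allow"), reasons

# Constructed sample pages, both served from the same allowlisted SaaS host.
PHISH = '<title>ExampleBank sign in</title><form action="https://collector.test/c"><input type="password"></form>'
SURVEY = '<title>Team lunch survey</title><form action="/submit"><input type="text"></form>'
```

For a URL on `example-forms.test`, `domain_verdict` returns "allow" for both pages, while `content_verdict` blocks `PHISH` and allows `SURVEY`.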
At the end of the day, filtering technology will sometimes fail, so it is also important to strengthen employees' preparedness for phishing attacks through ongoing security awareness training (SAT). Software-supported SAT tools make this task much easier to accomplish and much more effective to deploy across the organization.
Read more on the Palo Alto Networks research here.