Researchers found a new phishing technique called SaaS-to-SaaS, a novel phishing strategy used by threat actors to evade security solutions. Based on reports, there is a rise in other malware delivery operations circulating in the wild.
Phishing campaigns have now used video conferencing platforms, cloud-based file-sharing platforms, SMS, and workforce messaging apps to execute their phishing operations.
The SaaS-to-SaaS phishing campaign strategy is a multi-layered attack chain.
According to an investigation, the SaaS-to-SaaS phishing method is an elusive operation wherein its operators use a multi-stage attack chain. The phishing campaign for this trick initiates with the delivery of a fake secure document, invoice, or PDF stored on cloud services.
The compromised docs are downloaded or activated through cloud services for the user to access the PDF for viewing. These phishing emails are challenging to detect when scanning as their components appear legit.
Modern hackers have actively exploited multi-stage cloud phishing methods, including traditional phishing attacks with second-phase actions. These attackers could steal an employee’s email and create a new Office 365 email account using a victim’s name on a compromised device.
In addition, they utilise the victim’s legitimate user account to deploy phishing emails sent to other employees and customers internally. They could also collect other employees’ accounts by internal phishing and spreading malware on the infected systems.
December last year, cybersecurity experts explained how complex attacks, like SaaS-to-SaaS, could be automated to develop an entire infection process.
Attackers could make millions of spear phishing messages, multiple scripts with variations, and other compromised artefacts within seconds using an AI Chatbot.
Furthermore, hackers use Smishing, QRishing, and social engineering tactics to deliver malware to targeted victims via cloud hosting platforms.
In 2022, some hackers have already utilised the strategies mentioned to deploy several massive attacks against well-known companies such as MS Azure AD, Uber, DropBox, and LinkedIn.
Currently, users should learn and be knowledgeable about the trends and cybersecurity issues to better deal with risks and mitigate the chances of falling victim to phishing attacks.
