SaaS Attacks Report: 2024 Edition
In the last 18 months, attacks targeting SaaS apps have exploded. This isn't really surprising when we consider the transformational change that has taken place in business IT, with organizations now using hundreds of SaaS apps to store and process sensitive data and perform key business operations.
Nowadays all an attacker has to do is log in to a SaaS app and either dump the data or misuse its intended functionality to achieve their objectives. As the saying goes, "hackers don't hack in, they log in".
The attacks on Snowflake customers earlier this year, affecting ~165 organizations worldwide and hundreds of millions of end-customers, were rightly billed as one of the biggest breaches in history. It's a telling example of the risk posed by SaaS attacks, and one that we'll no doubt look back on as a watershed moment.
Last year, the team at Push Security released the SaaS Attacks Matrix, an open-source repository of SaaS attacks, on GitHub. This free-to-all resource documents ~40 SaaS-specific attack techniques spanning the Cyber Kill Chain that differ materially from traditional endpoint and network attacks, such as those documented in the MITRE ATT&CK Framework. These techniques also circumvent the traditional security controls and tools that organizations rely on, such as EDR.
The SaaS Attacks Matrix just hit its thousandth star on GitHub and has been adopted by security teams around the world.
The latest edition of the SaaS report reflects on what’s changed since the matrix was first released, calling out key techniques that have emerged and risen to prominence. The report is an essential resource for security professionals – whether you’re a red team looking to emulate the latest attacker techniques, or a blue team looking to detect and block them.
So if you want to learn more about key SaaS attack techniques like ghost logins, AitM phishing, MFA downgrade attacks, guest access abuse, Oktajacking, shadow workflows, and evil twin integrations – and how they can be chained together as part of an attack – download your copy now.
“If fifty people work at this place, that’s fifty accounts times however many services I just listed. What, ten? So, we’re talking five hundred various logins to different websites now. Who’s got permission to see what and where?... This is a new territory for security teams to navigate. You hear about this in general terms like ‘least user privilege’ and this sort of stuff, but you don’t have people who are experts in Zapier account security who will audit what apps you have given permission to regularly. This is a big challenge to keep up with.”
Jack Rhysider, Darknet Diaries EP:148, discussing Push Security threat research
Cybersecurity researchers and vulnerabilities developer
2 months ago: ( :
Cybersecurity Technology & Innovation Policy
2 months ago: "SaaS attacks - compelling, a good read. Mitigation requires constant IT user policy and anti-phishing awareness training. Training should be mandatory colocation onsite training for new employees and repeated offenders, not online. Additionally, it's time to consider using outdoor advertising billboards, similar to how cigarette brands were advertised."
Microsoft Certified: Azure Developer Associate | Udacity Cloud Developer | Udacity FrontEnd Developer
2 months ago: This is a must-read for all #saas apps
Network Security Architect at HCL Technologies
2 months ago: These attacks can be simply stopped by the Zero-day Bullet Cyber Warfare Defence Innovations: https://youtu.be/aN3_JaLToS0?feature=shared
Download the complete report here: https://lnkd.in/gQ8NRXGK