SaaS Threats are Escalating: A Follow-Up to Our Recent Analysis
ATT&CK techniques detected
T1525Implant Internal Image
92%
“##force to ecosystems within google workspace and microsoft 365. that view has since been confirmed in reporting via security boulevard. saas applications are interconnected by design, and adversaries are exploiting this by moving from a foothold in one platform into dozens more …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1528Steal Application Access Token
83%
“to determine the scope of the intrusion, let alone contain it quickly. how these campaigns are playing out previously, we explained that attackers were using oauth phishing and vishing campaigns to target saas users. in the fireside chat, we dug deeper into how those campaigns ac…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
41%
“saas threats are escalating : a follow - up to our recent analysis last week, we shared research on two concurrent threat actors targeting saas applications at global enterprises : unc6040 ( shinyhunters / scattered spider ), who rely on credential attacks and oauth phishing, and…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
SaaS attacks are accelerating fast. Our latest research and fireside chat with experts from AppOmni and Bishop Fox expose how threat actors are exploiting OAuth, targeting admins, and moving laterally across cloud apps—and what defenders can do to stop them.