4 min read

Phishing Attacks against SaaS, Webmail Services Rise Sharply in Q1

Luana Pascu

May 20, 2019

Phishing Attacks against SaaS, Webmail Services Rise Sharply in Q1

Believing that security incidents are imminent and probably unavoidable, enterprises are turning to advanced digital forensics to better understand and identify bad actors, and are open to using deception through technology such as honey pots or seeding fake data to help hunt down cybercriminals later, according to Neustar research. They’re also open to using deceptive tactics, such as deploying honey pots or seeding fake data to help hunt down cybercriminals later.

More than half of security professionals from the EMEA region and the US, meanwhile, claim phishing is still “a growing threat,” but 49 percent are also concerned about targeted hacking and DDoS attacks, the survey found.

Research between January and March 2019 shows cybercrime groups shifted their attention from the classic target of payment services to businesses offering Software-as-a-Service (SaaS) and web-based email services, two of the fastest-growing industries, according to the trends report released by APWG (Anti-Phishing Working Group). Attacks against cloud storage and file hosting sites decreased considerably, from 11.3 percent to barely 2 percent.

SaaS platforms and webmail services are gaining popularity because they provide online business solutions and are easy to use by anyone with internet access. Unsecured Wi-Fi connections make tools such as collaboration platforms and billing tools vulnerable to third parties that manipulate the data stolen for spear-phishing campaigns. Once they have the information, hackers orchestrate targeted, well-crafted emails to C-level executives or key employees to infiltrate and hijack the organization’s infrastructure.

According to malware analyses, 36 percent of phishing attacks in the first quarter of 2019 targeted these two categories, as hackers look to steal sensitive personal and financial information, including geolocation, preferences, credit card numbers, payment details and email addresses. This figure is “up significantly from 30 percent in 4Q 2018 and 20.1 percent in 3Q 2018. Phishing against the SaaS and webmail category became the biggest category of phishing, eclipsing phishing against the payment services category for the first time,” says the report.

Normally, HTTPS encryption protocol would secure communication and website traffic and preserve data integrity, but, according to research, hackers are tampering with TLS signatures as “the number of phishing attacks hosted on web sites that have HTTPS and SSL certificates reached a new high.”

Considering overall phishing attacks in Q1 of 2019 rose sharply from the third and fourth quarters of 2018, companies could jeopardize their clients’ data privacy if they postpone implementing a legitimate security policy. Out of all phishing attacks, for example, 27 percent targeted payment solutions, 16 percent were cast against financial institutions and only 3 percent attacked eCommerce / Retail and Telecom, the analysis shows.




Luana Pascu

From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.

View all posts

You might also like