SaaS Alerts: Cybercriminals Shift SMB Attacks to Mobile Devices

Cybercriminals have shifted their attacks to mobile devices (a 50% increase) and personal communication channels to reach users, according to SaaS Alerts, the software-as-a-service security platform for MSPs. Scams and credential theft were at the top of the list of payloads.

The company issued its third annual SaaS Application Security Insights (SASI) report. It offers a detailed look at the major threats and security gaps that exist in SaaS applications security targeting small businesses.

The report also found that Salesforce and Slack generated the most critical alerts on a per-user/per-alert basis. Of all logged Salesforce events, more than 8% were critical alerts, compared to a little less than 4% for Slack, roughly 2% for Google Workspace and a little more than 1% for Office 365.

SaaS Alerts’ Jim Lippie

Jim Lippie is CEO of SaaS Alerts.

“As we’re seeing with increasing frequency as threat actors become more sophisticated in their methods and tactics, businesses face new and unprecedented challenges with data theft, data-at-risk, and bad actors when integrating with the most popular SaaS applications and MSP tools.”

One Million End-User Accounts

The report offers an analysis as businesses of all sizes across the globe face mounting internal and external threats.

SaaS Alerts reviewed security records of more than 7,400 SMBs and nearly 1 million end-user accounts in 2022. The report assesses key areas of security concern. These include where attacks originate, and tactics most frequently used by bad actors. It also reviewed common events, alerts and threat vectors that organizations need to know.

SaaS Alerts’ report also examines the inherent issues and complexities regarding the accelerated rate of SaaS Application adoption, cybersecurity threats and gaps from external threats such as hackers. It also examines internal insider threats caused by employee or contractor negligence.

The report found that 53% of all attempted unauthorized logins originated from China, Vietnam, India, Brazil and Korea. This year’s report saw a notable decline in attempts from Russia. Russia’s shifted focus on the war with Ukraine may be the reason why.

Brute Attacks

On average, there were approximately 40,000 brute attacks per day against user accounts monitored by SaaS Alerts.

In 2022, there was a 61% increase in the rate of phishing attacks compared with 2021.

Outside-approved locations accounted for more than 55% of the most common critical alerts. These occurred when there was a successful login to a user account from outside of an approved location or an approved IP address range. While this alert can be a false flag due to misconfiguration of approved locations or unexpected user travel, it is serious. It indicates a significant probability that a malicious actor has succeeded in compromising an account.

Compared to last year’s data, the report found a 29% increase in the number of guest user accounts. They can have access to sensitive data and open access points for bad actors. Of the nearly 980,000 SaaS accounts monitored by SaaS Alerts in 2022, 54% were from guest user accounts.