top of page
Search

Saas as a threat

  • jctibor
  • Dec 16, 2023
  • 1 min read

Saas as a trat
Saas as a treat

Attacks like credential stuffing or email phishing to access SaaS applications are known and most employees are aware of them.


Now, however, a much more dangerous trend is emerging. Instead of attacking a customer's tenant for a SaaS application (e.g., at Microsoft 365), an attacker lures employees into joining a tenant created and controlled directly by the attacker. SaaS applications allow anyone to name their application tenants freely, including the company name and the use of terms such as Teams.



Attackers send invitations directly to employees from the application, asking them to join or register if they aren't already a user.

It is very difficult for employees to recognize that it is an attack, especially if the invitations are tailored to the company's environment. Continuous training of employees for all possible types of attacks is therefore absolutely necessary.



 
 

Contact us

Do you wish to cooperate? Contact us by phone or email.

Capital city of Prague, Czech Republic

CTIBOR LEGAL v.o.s., advokátní kancelář

The Flow Building

Václavské náměstí 2132/47

110 00 Praha

Czech Republic

IČO (ID No.) 17851165  |  DIČ (VAT No.) CZ17851165 

Inscripted in the Commercial Register held by Municipal Court in Prague, File Nr. A 80114

office@ctiborlegal.cz  |  +420 227 023 217

  • LinkedIn

© CTIBOR LEGAL v.o.s.,

Law Office

Created inelizatelier.

bottom of page