Welcome back! Following recent posts on malware propagation and accidental exposure, I’d like to kick off the final installment in this blog series discussing common threats in SaaS: malicious data exfiltration.
Although less common than malware propagation and accidental exposure, malicious data exfiltration by SaaS applications is still seen frequently enough that the right preventive measures need to be put in place.
Perpetrators of these types of attacks are commonly employees with criminal intent or who recently left the company, whether of their own accord or not. An individual can add a personal email address to an organization’s SaaS application for a public account. Once that personal email address is on the account, the person can still access sensitive files even after employment has been terminated. Some enteprise-grade SaaS applications generally have a process for removing terminated employees, but not all of them do.
Malicious data exfiltration could also be malware that is able to grab data from a SaaS application, or files that were stored on a device that leverages the cloud to send the data outside the organization.
An example of this would be Dyre, a banking trojan. Utilizing man-in-the-browser (MitB) techniques, when a user logs into a bank’s website, Dyre captures the login credentials and other session data necessary to gain access to the account in order to commit financial fraud. Originally developed to target online banking websites, Dyre, and other variants, have started targeting SaaS applications with access to valuable data.
With cybercriminals working relentlessly to gather as much data as possible, it is important to understand the threats and take measures to protect your applications.
To learn more about protecting your SaaS applications: