pushsecurity / saas-attacks

Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
https://pushsecurity.com/blog/saas-attack-techniques/
Creative Commons Attribution 4.0 International
1.18k stars 83 forks source link

Hosting phishing pages on SaaS (AMP) #24

Open jacques- opened 1 year ago

jacques- commented 1 year ago

With the google AMP phishing stuff in the news (https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/) I'm wondering if there isn't a generic technique here? This doesn't feel like it's going to be solved quickly.

Perhaps something like "Trusted phishing hosting" - many different SaaS apps allow hosting of custom web content. Clearly the issue is amplified when that SaaS domain also hosts common SSO login pages (as Google above, but you've got to imagine there is going to be an equivalent on MS?).

Otherwise It might be best to just capture the AMP technique directly until we see similar techniques on other platforms.

jacques- commented 1 year ago

Similar deal using looker studio: https://www.bleepingcomputer.com/news/security/google-looker-studio-abused-in-cryptocurrency-phishing-attacks/