State of the SaaS Security Union
ATT&CK techniques detected
T1525 Implant Internal Image
84%
"objects to which salesloft never needed access, enabled solely by poor integration account configurations. - avoid overprivileged accounts provision each user and integration with only the access required for their specific purpose. no shared integration profiles. - restrict acce…"
T1525 Implant Internal Image
70%
"my opinion. the campaign has since expanded to google workspace and other integrations. the security gaps exposed the gap in sophistication between these two threat actors is substantial. in just two months, we've gone from basic phishing attacks to an adversary with a deep und…"
T1525 Implant Internal Image
36%
"state of the saas security union we are now facing two concurrent threat actors actively targeting saas applications and their customers: the first group, unc6040 (also known as shinyhunters or scattered spider), claims overlap with the actors behind the snowflake breach. they…"
Summary
Two threat groups are exploiting SaaS at scale: one with phishing and data theft, the other with nation-state level tactics exploiting integrations and credentials. Here’s what you need to know and how to protect against the next wave.