
37% of Third-party Applications have High-risk Permissions

Recent data analysis reveals a significant increase in the integration of third-party apps with email platforms. This trend underscores the rapid expansion of a new avenue of vulnerability that cybercriminals are exploiting, demonstrating their ongoing evolution in attack strategies. 

The presence of software-as-a-service (SaaS) applications is continuously growing within enterprises worldwide. Staff members are providing permissions to external apps, allowing them to access fundamental SaaS platforms such as Microsoft 365 (M365) and Google Workspace. 

This trend introduces security vulnerabilities. Simultaneously, security personnel and organizations are struggling to monitor the number of interconnected applications or assess the extent of the security threats stemming from these apps. Throughout the initial six months of 2023 (spanning January to June), there was a steady upward trajectory in the integration of third-party applications. 

Concurrently, Abnormal noted a consistent escalation in instances of business email compromise (BEC) and vendor email compromise (VEC) attacks. This pattern of growth has remained consistent over the preceding five years. Abnormal's findings revealed that, on average, organizations now incorporate 379 third-party applications with their email systems. This reflects a substantial surge of 128% since the year 2020. 

In the case of sizable corporations employing over 30,000 individuals, the integration of third-party apps rises dramatically to an average of 3,973. These apps encompass a broad spectrum of functionalities, spanning collaboration, productivity, development, social networking, security, and various other domains. 

Among the third-party applications that have been integrated, approximately 37% come with permissions that pose high risks. These permissions include the capability to generate and erase emails or users, and even to reset user passwords. 
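The practical question behind that 37% figure is how a security team would measure it in its own tenant. The script below is an added example, not code from the original post or from Abnormal's report: it takes an export of consented third-party apps and the scopes each was granted, maps scopes to the capabilities the post names as high risk (creating or deleting mail, creating or deleting users, resetting passwords), and reports which apps need attention and what share of the inventory is high risk. The inventory is constructed sample data; the Microsoft Graph permission names and Google OAuth scope URLs are real, but the scope-to-capability mapping and the "high risk" policy are this example's own assumptions, not vendor definitions. Scopes the mapping does not recognise are surfaced for manual review rather than silently treated as safe.

```python
"""Flag third-party SaaS app grants that carry high-risk permissions.

Added example (not from the original post or Abnormal's report). The
inventory is CONSTRUCTED sample data. The scope-to-capability mapping
is an assumption for illustration: the permission names and scope URLs
exist, but which capabilities count as "high risk" is this script's
own policy, chosen to match the categories the post calls out.
"""
import csv
import io

# Capabilities the post describes as high risk: generating (creating or
# sending) and erasing emails, creating or deleting users, resetting passwords.
HIGH_RISK_CAPABILITIES = {"mail.write", "mail.delete", "mail.send",
                          "users.write", "password.reset"}

# Assumed mapping from a granted scope to the capabilities it conveys.
SCOPE_CAPABILITIES = {
    # Microsoft Graph permission names
    "Mail.Read": {"mail.read"},
    "Mail.ReadWrite": {"mail.read", "mail.write", "mail.delete"},
    "Mail.Send": {"mail.send"},
    "User.Read.All": {"users.read"},
    "User.ReadWrite.All": {"users.read", "users.write"},
    "Directory.ReadWrite.All": {"users.read", "users.write"},
    "User-PasswordProfile.ReadWrite.All": {"password.reset"},
    # Google Workspace OAuth scopes
    "https://www.googleapis.com/auth/gmail.readonly": {"mail.read"},
    "https://www.googleapis.com/auth/gmail.modify": {"mail.read", "mail.write", "mail.delete"},
    "https://mail.google.com/": {"mail.read", "mail.write", "mail.delete", "mail.send"},
    "https://www.googleapis.com/auth/admin.directory.user.readonly": {"users.read"},
    "https://www.googleapis.com/auth/admin.directory.user": {"users.read", "users.write", "password.reset"},
}

# Constructed export: one row per consented app, scopes separated by ';'.
SAMPLE_INVENTORY_CSV = """\
app_name,platform,granted_scopes,consented_by
Calendar Sync,M365,Calendars.ReadWrite;User.Read,alice@example.com
Mail Archiver,M365,Mail.ReadWrite;User.Read.All,bob@example.com
Signature Manager,Google,https://www.googleapis.com/auth/gmail.readonly,carol@example.com
HR Onboarding,Google,https://www.googleapis.com/auth/admin.directory.user,dave@example.com
Inbox Analytics,M365,Mail.Read;User.Read.All,erin@example.com
Helpdesk Notifier,M365,Mail.Send,frank@example.com
Org Chart Viewer,Google,https://www.googleapis.com/auth/admin.directory.user.readonly,grace@example.com
Survey Tool,Google,https://www.googleapis.com/auth/userinfo.email,heidi@example.com
"""


def parse_inventory(csv_text):
    """Parse the export into rows with a list of granted scopes."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["granted_scopes"] = [s.strip() for s in row["granted_scopes"].split(";") if s.strip()]
        rows.append(row)
    return rows


def capabilities_for(scopes):
    """Return (capabilities conveyed, scopes the mapping does not know)."""
    caps, unknown = set(), []
    for scope in scopes:
        if scope in SCOPE_CAPABILITIES:
            caps |= SCOPE_CAPABILITIES[scope]
        else:
            unknown.append(scope)  # never assume an unmapped scope is harmless
    return caps, unknown


def assess_app(row):
    """Classify one app as high, review (unmapped scopes) or low risk."""
    caps, unknown = capabilities_for(row["granted_scopes"])
    high = sorted(caps & HIGH_RISK_CAPABILITIES)
    level = "high" if high else ("review" if unknown else "low")
    return {"app_name": row["app_name"], "platform": row["platform"],
            "consented_by": row["consented_by"], "level": level,
            "high_risk_capabilities": high, "unknown_scopes": unknown}


def assess_inventory(csv_text):
    """Assess every app and order the findings so high-risk apps come first."""
    findings = [assess_app(r) for r in parse_inventory(csv_text)]
    order = {"high": 0, "review": 1, "low": 2}
    findings.sort(key=lambda f: (order[f["level"]], f["app_name"]))
    return findings


def summarize(findings):
    """Aggregate counts and the share of apps holding high-risk permissions."""
    total = len(findings)
    high = sum(1 for f in findings if f["level"] == "high")
    review = sum(1 for f in findings if f["level"] == "review")
    pct = round(100.0 * high / total, 1) if total else 0.0
    return {"total": total, "high_risk": high, "needs_review": review, "high_risk_pct": pct}


if __name__ == "__main__":
    results = assess_inventory(SAMPLE_INVENTORY_CSV)
    for f in results:
        print(f"{f['level']:6} {f['app_name']:18} {f['platform']:6} "
              f"high={f['high_risk_capabilities']} unknown={f['unknown_scopes']} "
              f"consented_by={f['consented_by']}")
    print(summarize(results))
```

On the constructed inventory, three of eight apps (37.5%) hold a high-risk capability, and two more carry scopes the mapping does not recognise and are queued for review. The "consented_by" column is kept in the findings because the remediation step for a risky grant is usually a conversation with the user who approved it, followed by revoking or narrowing the consent.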

Vendor Email Compromise (VEC) falls under the category of Business Email Compromise (BEC), a significant subset of cyberattacks. These attacks entail the falsification or imitation of a corporate email address, with the intention of deceiving the organization, its staff, clients, or associates for fraudulent purposes.

Business Email Compromise attacks manifest in diverse manners, with Vendor Email Compromise representing a particularly advanced variant within this spectrum. The report also indicated an upswing in BEC and VEC attacks during the initial half of 2023. 

BEC attacks demonstrated a rise of 55% over the preceding six months, with 48% of all entities experiencing at least one VEC attack within the same period. Further insights gleaned from the initial half of the year highlight a 34% surge in VEC attacks when contrasted with the previous two halves. 

Notably, there was a shift in the attack landscape, with BEC attacks surpassing malware instances, a departure from the trends seen in the preceding half. Larger organizations are particularly vulnerable: those with over 5,000 mailboxes face a probability exceeding 90% of experiencing at least one BEC attack weekly, alongside a 76% likelihood of encountering a VEC attack.

Among targeted sectors, the technology industry attracts the highest concentration of BEC attacks, while advertising/marketing is the primary focus for VEC attacks. Other sectors frequently subjected to BEC attacks include construction, finance, transportation, and media/entertainment.