Analysis of security events across more than 120,000 user accounts last year shows that the vast majority of attacks on top SaaS platforms such as Microsoft 365, Google Workspace, Slack and Dropbox are coming from Russia and China.
The latest SaaS Application Security Insights (SASI) Report from SaaS Alerts also suggests these countries may be coordinating attack efforts. Attack trend lines that compare Russia and China show almost exactly the same pattern.
On average, SaaS Alerts is seeing approximately 10,000 brute force attacks each day against the user accounts monitored. The origin of potential attacks can be traced back to specific countries with current data indicating that attempted unauthorized logins are coming from actors located in China, Vietnam, Russia, Korea and Brazil.
The three most common critical SaaS application security alerts come from logins to a user account from outside of an approved location or an approved IP address range; ‘SaaS integration’ where account credentials have been used to connect to a third-party application which may lead to data and other account information sharing between SaaS Apps; and ‘Multiple account lockouts’ which are recorded when an account is locked out four or more times within a 12-hour period.
Other risks highlighted include the number of guest user accounts in use and unsafe cloud file sharing behavior.
“In the uncertain cyber-climate we all reside in today, detailed SaaS security oversight and robust defenses are a requirement for ensuring high resiliency and business continuity,” says Jim Lippie, CEO of SaaS Alerts. “The loss, theft or corruption of mission critical or sensitive customer data can be operationally and financially troublesome for SMBs that depend on continuous and unrestricted business operations to bolster revenues which have been the target of threat actors for years. We offer this useful threat level breakdown to assist businesses and the MSPs that support them with highly accurate insights about the security landscape they reside in.”
The full report is available from the SaaS Alerts site.