"Stolen Credentials Have Turned SaaS Apps Into Attackers' Playgrounds"

AppOmni analyzed 230 billion Software-as-a-Service (SaaS) audit log events from its telemetry to gain insight into the behavior of bad actors that gain access to SaaS apps. They looked at a dataset compiled from over 20 SaaS platforms, focusing on alert sequences that would be less obvious to organizations able to examine only one platform's logs. They found that the MITRE ATT&CK kill chain is hardly relevant or heavily abbreviated for most SaaS security incidents, as many attacks were found to be simple smash-and-grab activities lasting 30 minutes to an hour. This article continues to discuss key findings from the SaaS app log analysis.

SecurityWeek reports "Stolen Credentials Have Turned SaaS Apps Into Attackers' Playgrounds"

Submitted by grigby1

Submitted by Gregory Rigby on