TL;DR – Like bank robbers and banks, nation-state actors are now targeting SaaS because that’s where the currency is. Plus, now it’s even easier than traditional endpoint compromise.
In case you missed it, the Five Eyes (FVEY) intelligence alliance (comprising Australia, Canada, New Zealand, the United Kingdom, and the United States) issued an advisory in late February 2024 regarding the cyber espionage group of the Russian intelligence services. This group has transitioned from traditional endpoint-focused malware to identity-centric, SaaS-based TTPs to gain initial access.
The full advisory can be found here.
Nation-state actors have realized what we at Obsidian Security and, unfortunately, eCrime adversaries (such as Scattered Spider) have known for quite some time now:
As a result, these nation-state actors are finding it easier to gain initial access to these platforms, for two key reasons:
At Obsidian, we have been 100% focused on these types of SaaS attacks and have been detecting and responding to them since before they became popular attack vectors for eCrime actors and, now, nation-state operators. Obsidian is involved in dozens of active global Incident Response scenarios per week that include these types of techniques and tactics.
Alarmingly, these strategies (AiTM and MFA Push Fatigue) prove successful in over 51% of SaaS breaches; the remaining 49% consist of SIM Swapping, Integration Abuse, and Endpoint Compromise.
Obsidian stands out as a SaaS threat detection and prevention platform designed with a specific focus on combating SaaS attacks. While traditional SSPM vendors typically concentrate on Posture Management, configuration issues represent only around 15% of the breaches we have witnessed. Obsidian diverges from this approach. We understand that the remaining 85% of SaaS security incidents are attributed to residual risk.
For attacks like those illustrated by the recent Five Eyes advisory, Obsidian’s SaaS threat modeling swiftly identifies session theft, initiates response workflows and playbooks, or can proactively suspend the compromised account. Conventional tools such as Endpoint Detection and Response (EDR), Cloud Access Security Broker (CASB), or Secure Access Service Edge (SASE) lack the capability to provide such comprehensive protection.
Learn more about these SaaS attacks and find deeper insights and remediation advice on our blog. Or get in touch with us to assess your environment for risks of SaaS threats.
To explore these types of SaaS-specific attacks further and gain deeper insights and remediation advice, visit our website.