Targeting SaaS: Rik Ferguson, VP security intelligence at Forescout, agreed that any disruption was likely to be a temporary setback.”It burns infrastructure, yields intelligence, and sows distrust among criminals. But the gang’s dark-web leak site is still up, and they explicitly say the campaign continues,” he told CSO Online by email.”That tells you everything about the current model: forum-free, portable extortion that pivots across Telegram, throwaway domains, and bespoke leak sites. Taking the sign down doesn’t close the business.”According to Ferguson, “SaaS is the new blast radius,” often compromised by abusing the OAuth and app-to-app trust on which these interconnected services depend. This is an attack surface that ransomware attackers will continue to target.How should enterprises secure themselves? “Turn on OAuth app governance, least privilege scopes, token lifetime limits, and automated revocation on anomaly detection, kill any standing trust, rotate keys and tokens, shorten session lifetimes, and require step-up auth for high-risk actions,” advised Ferguson.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4071014/fbi-seizes-breachforums-servers-as-threatened-salesforce-data-release-deadline-approaches.html
