SaaS Alerts: Brute Force Attacks Bombarding SMBs

A new SaaS Alerts report shows more than 3,000 daily brute force attacks against SMBs that its platform is monitoring.

The SaaS Application Security Insights (SASI) Report analyzes the threats, trends and activities of SaaS application users. It provides insights to help MSPs protect the companies they serve.

In addition, it sheds light on risky file-sharing behavior and the top countries where bad actors are originating their attacks on SMBs.

Jim Lippie is SaaS Alerts‘ CEO.

SaaS Alerts’ Jim Lippie

“At the time of the report, we had 105 MSP partners with 30,000-plus users on the platform,” he said. “So we’re monitoring, in aggregate, 750 small businesses and over 15 million logged events.”

The report stresses the importance of multifactor authentication (MFA).

“People always opt for convenience over security,” Lippie said. “It’s not because end users are stupid or they’re malicious. It was constantly trying to get a lot done in a short period of time. So they’re always looking to take shortcuts, and shortcuts and security don’t go hand in hand.”

User Behaviors Increasing Risk

In the first half of 2021, SaaS Alerts saw an average of 3,000 brute force attacks per day against more than 750 small businesses. It also uncovered a significant attack vector stemming from common user behaviors. Those include neglectful file-sharing practices, and using Microsoft 365 and Google Workspace credentials for authenticating third-party integrated applications.

The top countries where bad actors originate attacks are China, Vietnam, Brazil, Russia, India and Pakistan.

“The industry is in an evolutionary state right now, and more of their customers are using SaaS applications every single day, and in some cases that’s all they’re using,” Lippie said. “This is an opportunity to open up a discussion about the security around these applications, why it’s important, and what they can do to mitigate their customers’ risk.”

Conversation Starter with Customers

Lippie said MSPs should be looking at this report, and bringing it to their customers to talk about the findings.

“Every MSP struggles with good information to take to their customers to keep an ongoing dialogue, to keep them engaged because eventually they just glaze over with all the same stuff,” he said. “All of this data is from the MSP community, from their customers. In addition, if an MSP wants it and they’re on our platform, they can sign their customer up and they can run this report and get all this data for every single one of their customers.”

These threats won’t just go away, according to SaaS Alerts. They will continue as the data in SaaS applications is valuable to bad actors. Moreover, their attacks are successful enough to warrant continued effort.

Meanwhile, end users will continue to take shortcuts, share anonymous files and bypass safeguards in the name of convenience and increased productivity. With the right tools and a commitment to regular hygiene, many of these risks can be mitigated by a community of technology professionals.