Cofense™ has announced its new free cloud discovery utility – CloudSeeker. The tool helps organisations understand what SaaS applications are in use by an organisation – sanctioned or not – and allows them to identify configured cloud services. CloudSeeker can shine a light on which cloud properties an attacker may impersonate to increase authenticity of phishing attacks.
CloudSeeker is a tool that a network defender can use to determine if their corporate domain has been used to configure SaaS applications. The corporate domain is entered into CloudSeeker and that domain is tested across a catalogue of common SaaS applications. The results of that query delivers the visibility into the cloud services configured for a corporate domain, highlighting applications that are in use but may not have been provisioned with IT’s knowledge. Output is placed into a file that can be compared against future scans to identify changes.
“With Gartner observing shadow IT amounts to between 30 and 40 percent of total IT spend, it highlights just how in the dark enterprises can be to the types of business emails their staff will be receiving and a large portion of this will be dominated by SaaS providers,” said Aaron Higbee, co-founder and CTO of Cofense. “CEO fraud or Business Email Compromise (BEC) is a very real threat that typically targets members in finance. But attackers can easily repurpose the technique creating realistic phishing sites targeting HR, IT, Engineering, Support, etc… masquerading as cloud tools the organisation actually uses.”
It only takes a few guesses as to what shadow IT may be in use and a fraudulent login page on what appears to be a SaaS website for a cybercriminal to convince an employee to hand over their log in details or click a compromised link that grants the hacker access to the corporate network.
“CloudSeeker shines a light on shadow IT and counters the security risk it presents by seamlessly fitting into an organisation’s broader security ecosystem. By offering this free solution to businesses, we are levelling up the playing field between attackers and would-be victims. After all, putting up a good defence requires a strong offense, critical to this is knowing where the threats are in the first place,” concludes Higbee.
Cofense CloudSeeker is the first free cloud security tool of its kind that performs this service without collecting any personally identifiable information, requires no credentials to operate and complements Cofense’s Human Phishing Defence Solution. As part of this, Cofense PhishMe and Cofense Reporter turn all employees into a human phishing defence, and Cofense Triage and Cofense Intelligence strengthen the organisation’s ability to quickly identify and respond to phishing attacks in progress.