chat
expand_more

Connected Third-Party Applications Widen Attack Surface Area

Third-party apps present increased cyberattack risks to email environments via app permissions. Traditional email can't handle the challenge, but Abnormal can.
August 2, 2023

Inbound email attacks are a mainstay for cybercrooks, but criminals are shifting tactics to exploit third-party applications as a new method for gaining entry into an organization’s email environment. This is getting easier due to the popularity of software as a service (SaaS) and apps. In fact, we’ve seen a 128% increase since 2020 in the number of unique applications leveraged by the Abnormal customer base, now totaling more than 26,000 unique apps.

Connected third-party applications aren’t problems in themselves. These tools offer collaboration and efficiency essential for today’s dispersed workforce. But more integrations mean more opportunities for infiltration.

And according to the latest research from IBM, vulnerabilities in third-party software accounted for 13% of all breaches in 2022—costing organizations an average of $4.55 million per incident. Organizations need to understand these vast threat environments to more aptly defend against attacks.

Third-Party Apps Expand the Surface Area for Cyberattacks

Traditional cybersecurity operates like a drawbridge, letting through legitimate emails and preventing malicious emails from entering the organization. Phishing, malware, and social engineering scams would still get through without proper security protocols, but they all entered through the inbox—the front door. Unfortunately, third-party applications provide side doors for attackers to compromise email accounts without detection.

There are a few ways attackers can use third-party apps to breach your organization, but some of the most prevalent include:

  • Stealing API keys and installing malicious applications with high-risk permissions

  • Tricking employees via social engineering into installing‌ legitimate apps that secretly provide attackers with access

  • Stealing customer data from infiltrated and compromised applications

And unfortunately, this isn’t just theoretical. Media giant News Corp—owner of The Wall Street Journal and the New York Post—suffered an undetected cyberattack for two years. During that time, attackers stole a plethora of email data from journalists. How did this happen? A malicious application integrated with their Microsoft 365 cloud email provided attackers with a side door to access sensitive information without detection. And the number of side doors continues to grow.

Threat Blog1

While News Corp might have been specifically targeted, every organization houses valuable information coveted by cybercriminals. The larger the organization, the larger its app portfolio, and thus the larger the surface area for exploitation.

For example, organizations with fewer than 3,000 mailboxes average only a few hundred integrated applications to assist their employees. But organizations hosting more than 30,000 mailboxes use an average of 4,000 applications—demonstrating the herculean task for security teams to protect against incursion.

Threat Blog2

These attacks are devastating and difficult to detect because they bypass traditional inbound email security tools. The threat surface presented by these apps is ever-expanding, but that doesn’t mean the problem is unstoppable. Securing organizations requires first understanding what applications are connected to email—and what each application has permission to do

Understanding Third-Party App Permissions and Associated Risks

Every time an employee authorizes a third-party application, they grant it a number of permissions. Many of these operations are legitimate, but when apps are compromised, they give attackers access to things they shouldn’t have. Security teams must recognize the risk level associated with each of these permissions.

Each third-party application is a potential entry point into your mailboxes. So it’s vital to understand which permissions are most risky. For example:

  • Permissions to view calendars are fairly innocuous

  • Permissions giving read access to email content is a medium risk since mailboxes, often hold sensitive business information

  • Permissions to create or delete content, change permissions, or privilege escalations present high risks

But surely applications don’t actually need all those high-risk permissions, right? Of the top 30 permissions seen by Abnormal, more than 37% are considered high-risk, while another 37% are considered medium-risk.

Threat Blog3

Recognizing that each application provides attackers with a side door into your email environment is the first important step to securing your organization. Piqued your curiosity? You can see the full list of common applications and their associated risk levels in the report.

Stand Up to the Full Spectrum of Attacks Against Your Email Environment

Whether bad actors attack through the front door with an inbound email or a side door via a connected third-party application, organizations must defend themselves. Legacy email security tools simply cannot stand up to the challenge.

Protect yourself completely against the full spectrum of attacks with the best in email security. Abnormal can detect even minor deviations in behavior to identify suspicious activity and proactively block attacks. Matching behavioral science with risk-adaptive detection provides full protection for your email environment including new third-party apps, changes in permissions, or privilege escalations. If the News Corp attack taught us anything, it’s that it’s time to protect your entire email environment—inboxes and connected apps alike.

Take a deep dive into the data with our latest threat report, Applications Abound: Average Organization Now Integrates 379 Third-Party Applications with Email.

Connected Third-Party Applications Widen Attack Surface Area

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 Adobe Acrobat Sign Attack Blog
Attackers attempt to steal sensitive information using a fraudulent electronic signature request for a nonexistent NDA and branded phishing pages.
Read More
B 4 15 24 RBAC
Discover how a security-driven RBAC design pattern allows Abnormal customers to maximize their user setup with minimum hurdles.
Read More
B 4 10 24 Zoom
Learn about the techniques cybercriminals use to steal Zoom accounts, including phishing, information stealers, and credential stuffing.
Read More
Social Images for next Cyber Savvy Blog
Explore how Alex Green, the CISO of Delta Dental, safeguards over 80 million customers against modern cyber threats, and gain valuable insights into the cybersecurity landscape.
Read More
B Images for EDB Blog from Sanjay
Abnormal is excited to announce the establishment of a strategic partnership with the Singapore Economic Development Board (EDB).
Read More
B Automotive Data Blog
Research reveals the automotive industry has become a popular target for business email compromise and vendor email compromise attacks. Learn why.
Read More