chat
expand_more

Connected Third-Party Applications Widen Attack Surface Area

Third-party apps present increased cyberattack risks to email environments via app permissions. Traditional email can't handle the challenge, but Abnormal can.
August 2, 2023

Inbound email attacks are a mainstay for cybercrooks, but criminals are shifting tactics to exploit third-party applications as a new method for gaining entry into an organization’s email environment. This is getting easier due to the popularity of software as a service (SaaS) and apps. In fact, we’ve seen a 128% increase since 2020 in the number of unique applications leveraged by the Abnormal customer base, now totaling more than 26,000 unique apps.

Connected third-party applications aren’t problems in themselves. These tools offer collaboration and efficiency essential for today’s dispersed workforce. But more integrations mean more opportunities for infiltration.

And according to the latest research from IBM, vulnerabilities in third-party software accounted for 13% of all breaches in 2022—costing organizations an average of $4.55 million per incident. Organizations need to understand these vast threat environments to more aptly defend against attacks.

Third-Party Apps Expand the Surface Area for Cyberattacks

Traditional cybersecurity operates like a drawbridge, letting through legitimate emails and preventing malicious emails from entering the organization. Phishing, malware, and social engineering scams would still get through without proper security protocols, but they all entered through the inbox—the front door. Unfortunately, third-party applications provide side doors for attackers to compromise email accounts without detection.

There are a few ways attackers can use third-party apps to breach your organization, but some of the most prevalent include:

  • Stealing API keys and installing malicious applications with high-risk permissions

  • Tricking employees via social engineering into installing‌ legitimate apps that secretly provide attackers with access

  • Stealing customer data from infiltrated and compromised applications

And unfortunately, this isn’t just theoretical. Media giant News Corp—owner of The Wall Street Journal and the New York Post—suffered an undetected cyberattack for two years. During that time, attackers stole a plethora of email data from journalists. How did this happen? A malicious application integrated with their Microsoft 365 cloud email provided attackers with a side door to access sensitive information without detection. And the number of side doors continues to grow.

Threat Blog1

While News Corp might have been specifically targeted, every organization houses valuable information coveted by cybercriminals. The larger the organization, the larger its app portfolio, and thus the larger the surface area for exploitation.

For example, organizations with fewer than 3,000 mailboxes average only a few hundred integrated applications to assist their employees. But organizations hosting more than 30,000 mailboxes use an average of 4,000 applications—demonstrating the herculean task for security teams to protect against incursion.

Threat Blog2

These attacks are devastating and difficult to detect because they bypass traditional inbound email security tools. The threat surface presented by these apps is ever-expanding, but that doesn’t mean the problem is unstoppable. Securing organizations requires first understanding what applications are connected to email—and what each application has permission to do

Understanding Third-Party App Permissions and Associated Risks

Every time an employee authorizes a third-party application, they grant it a number of permissions. Many of these operations are legitimate, but when apps are compromised, they give attackers access to things they shouldn’t have. Security teams must recognize the risk level associated with each of these permissions.

Each third-party application is a potential entry point into your mailboxes. So it’s vital to understand which permissions are most risky. For example:

  • Permissions to view calendars are fairly innocuous

  • Permissions giving read access to email content is a medium risk since mailboxes, often hold sensitive business information

  • Permissions to create or delete content, change permissions, or privilege escalations present high risks

But surely applications don’t actually need all those high-risk permissions, right? Of the top 30 permissions seen by Abnormal, more than 37% are considered high-risk, while another 37% are considered medium-risk.

Threat Blog3

Recognizing that each application provides attackers with a side door into your email environment is the first important step to securing your organization. Piqued your curiosity? You can see the full list of common applications and their associated risk levels in the report.

Stand Up to the Full Spectrum of Attacks Against Your Email Environment

Whether bad actors attack through the front door with an inbound email or a side door via a connected third-party application, organizations must defend themselves. Legacy email security tools simply cannot stand up to the challenge.

Protect yourself completely against the full spectrum of attacks with the best in email security. Abnormal can detect even minor deviations in behavior to identify suspicious activity and proactively block attacks. Matching behavioral science with risk-adaptive detection provides full protection for your email environment including new third-party apps, changes in permissions, or privilege escalations. If the News Corp attack taught us anything, it’s that it’s time to protect your entire email environment—inboxes and connected apps alike.

Take a deep dive into the data with our latest threat report, Applications Abound: Average Organization Now Integrates 379 Third-Party Applications with Email.

Connected Third-Party Applications Widen Attack Surface Area

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Manufacturing Industry Attack Trends Blog
New data shows a surge in advanced email attacks on manufacturing organizations. Explore our research on this alarming trend.
Read More
B Dropbox Open Enrollment Attack Blog
Discover how Dropbox was exploited in a sophisticated phishing attack that leveraged AiTM tactics to steal credentials during the open enrollment period.
Read More
B AISOC
Discover how AI is transforming security operation centers by reducing noise, enhancing clarity, and empowering analysts with enriched data for faster threat detection and response.
Read More
B Microsoft Blog
Explore the latest cybersecurity insights from Microsoft’s 2024 Digital Defense Report. Discover next-gen security strategies, AI-driven defenses, and critical approaches to counter evolving threats and safeguard your organization.
Read More
B Osterman Blog
Explore five key insights from Osterman Research on how AI-driven tools are revolutionizing defensive cybersecurity by enhancing threat detection, boosting security team efficiency, and countering sophisticated cyberattacks.
Read More
B AI Native Vendors
Explore how AI-native security like Abnormal fights back against AI-powered cyberattacks, protecting your organization from human-targeted threats.
Read More