In a Dark Reading article published last week: CircleCI, LastPass, Okta, and Slack: Cyberattackers Pivot to Target Core Enterprise Tools, author Robert Lemos discussed what the Valence Security Threat Labs team has been regularly highlighting throughout 2022 and into 2023–threat actors are increasingly focusing on exploiting core enterprise services such as identity and access management solutions like Okta and LastPass, as well as developer-focused applications like CircleCI, GitHub, and other applications such as Slack. High privilege access and access to sensitive data such as source code makes SaaS applications a prime attack target.
Securing modern SaaS applications requires a comprehensive SaaS security solution like Valence’s that discovers and remediates the full gamut of SaaS risks–over privileged SaaS-to-SaaS integrations, SaaS security misconfigurations, external oversharing of data, and unmanaged user identities and that lack proper security guardrails such as MFA.