Cyber criminals are exploiting trusted services like Microsoft, Google, and DocuSign to deliver malware and phishing attacks.
Known as Living off Trusted Services (LOTS), this tactic allows them to evade detection by leveraging widely used platforms.
Mimecast’s H2 2024 Global Threat Intelligence Report flagged LOTS attacks as a growing concern, with over 5 billion threats detected. Attackers use CAPTCHAs to block security scans and host malicious payloads on cloud platforms.
By infiltrating third-party providers, cyber criminals gain deep access to networks, making detection difficult. Traditional security measures based on domain reputation and authentication often fail.
To defend against LOTS attacks, businesses should implement AI-driven threat detection, Zero Trust policies, enhanced email security, and user training to mitigate risks and prevent exploitation of trusted services.
