Subscribe to the Non-Human & AI Identity Journal

Why do trusted platforms make attacker campaigns harder to stop?

Because the attacker inherits the credibility and resilience of a legitimate service. Blocking one domain or account rarely removes the delivery model if the same workflow can move to another free host, messaging channel, or API. Teams should focus on trust abuse patterns, not just individual malicious artefacts.

Why This Matters for Security Teams

Trusted platforms change the defender’s problem from simple blocking to trust validation. When a campaign uses a legitimate cloud host, collaboration tool, inbox provider, or API, the delivery path benefits from normal reputation, uptime, and user expectations. That makes takedown actions slower, noise higher, and attribution less reliable. The issue is not just malicious content, but abuse of the service’s built-in credibility.

This matters because many controls are tuned to isolate obvious bad infrastructure, while trust-abuse campaigns blend into routine business traffic. Security teams need to watch for patterns such as rapid tenant creation, unusual automation, account takeover, and abuse of free-tier services. Guidance from the MITRE ATT&CK Enterprise Matrix remains useful because it helps teams map attacker behaviour across initial access, persistence, and command channels rather than focusing only on one domain or sender.

In practice, many security teams encounter trusted-platform abuse only after a legitimate service has already been used to scale delivery, rather than through intentional detection of the campaign workflow.

How It Works in Practice

Attackers prefer platforms that are easy to create accounts on, quick to automate, and difficult for defenders to block without collateral damage. A message sent through a well-known collaboration suite, a file shared from a reputable storage service, or a lure hosted on a mainstream web platform often survives longer than the same content on disposable infrastructure. That resilience is amplified when the attacker rotates between services, which makes the campaign look fragmented even when the operator is following one playbook.

Operationally, defenders should inspect the workflow, not just the artefact. Useful signals include account age, login geography, API activity, OAuth consent abuse, anomalous file-sharing permissions, and impossible travel across trusted services. The CISA cyber threat advisories are valuable for tying these behaviours to current abuse patterns and response priorities. For organisations using automation or agentic tooling, it is also worth checking whether an AI system is being induced to call external tools, relay messages, or exfiltrate data through a legitimate service boundary. Where AI is involved, the MITRE ATLAS adversarial AI threat matrix helps teams reason about manipulation of model-driven workflows.

  • Correlate platform telemetry with identity events, not just URL or hash reputation.
  • Review whether new tenants, tokens, or OAuth grants were created to support delivery.
  • Track repeat use of the same business service across distinct stages of the campaign.
  • Separate content moderation from abuse detection so that trust signals are not treated as proof of safety.

These controls tend to break down in highly distributed SaaS environments because logs are fragmented across providers and the attacker can shift to the least monitored service boundary.

Common Variations and Edge Cases

Tighter platform controls often increase operational overhead, requiring organisations to balance user friction against the need to stop abuse without disrupting legitimate collaboration. There is no universal standard for this yet, so current guidance suggests combining policy, telemetry, and identity assurance rather than relying on a single trust score.

One common edge case is reseller or partner-hosted content, where an apparently legitimate service is actually a tenant within a larger trust domain. Another is AI-assisted abuse, where an operator uses an LLM to generate convincing lures, adapt payload text, or vary delivery timing. The Anthropic report on the first AI-orchestrated cyber espionage campaign shows why teams should assume that platform abuse can be accelerated by automation, not just manually operated. For control hardening, NIST SP 800-53 Rev 5 Security and Privacy Controls provides a solid anchor for logging, access control, and monitoring expectations.

Best practice is evolving for AI-mediated trust abuse, especially where an agent can authenticate to a service, retrieve context, and act with human-like credibility. In those environments, teams need stronger provenance, token governance, and behavioural detection because static blocklists quickly lose value once the attacker can re-host, re-send, or re-authenticate through another trusted channel.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

MITRE ATT&CK and MITRE ATLAS address the attack and risk surface, while NIST CSF 2.0, NIST AI RMF and NIST SP 800-53 Rev 5 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
NIST CSF 2.0 DE.CM Continuous monitoring is needed to detect abuse of trusted service workflows.
MITRE ATT&CK T1078 Trusted platforms often work because valid accounts and normal access are abused.
NIST AI RMF AI-assisted delivery and agentic workflows need governance and risk oversight.
MITRE ATLAS Adversarial AI can be used to shape or automate trusted-platform abuse.
NIST SP 800-53 Rev 5 AU-2 Audit logging is essential for reconstructing cross-platform attacker workflows.

Ensure logs capture identity, token, and service activity across trusted delivery channels.