Warning: Microsoft and Google Clouds are being abused to launch large-scale phishing campaigns

Statistics show that in the first quarter of 2021 alone, cybercriminals worldwide sent 52 million malicious messages by abusing well-known storage services such as Office 365, Azure, OneDrive, SharePoint, G Suite and Firebase.

Notably, throughout the global pandemic, cybercriminals have taken advantage of the business community's rapid shift towards cloud-based business services, hiding malicious email scams behind popular, trusted services from major vendors like Microsoft and Google.

More specifically, security researchers from the cybersecurity organization Proofpoint discovered a total of more than 7 million malicious emails sent from Microsoft 365, along with 45 million phishing emails sent from Google's infrastructure, all of which were recorded in only the first 3 months of 2021. In addition, the investigation results show that cybercriminal groups have very effectively abused popular services such as Office 365, Azure, OneDrive, SharePoint, G Suite, and Firebase to send phishing emails and attack target servers.

'The volume of malicious messages from these trusted cloud services has exceeded the size of any large botnet detected in 2020. Besides, the reputation and popularity of these domains, typically outlook.com and sharepoint.com, is also a factor that greatly increases the difficulty of malicious email detection for security teams and even individual users', the report from Proofpoint said.

A lot of organizations are targeted for cloud phishing

Basically, just a single breached account can provide hackers with broad access to the entire network of an organization or business. As estimated by Proofpoint, up to 95% of organizations surveyed have been targeted by hackers through a cloud account compromise, and it is worth mentioning that more than half of those attempts were successful.

Once attackers gain credentials to an internal account, they can quickly abuse a combination of different services to send out more convincing phishing emails.

For example, Proofpoint detected a phishing email campaign that included a Microsoft SharePoint URL that was supposed to lead recipients to a document detailing COVID-19 prevention guidelines, but actually contained malicious code. This malicious message was sent to more than 5,000 people working in the transportation, manufacturing and sales services of several businesses in the United States.


Another credential phishing campaign recently discovered by the Proofpoint team used the .onmicrosoft.com domain name to redirect the target to a fake webmail authentication page, designed to steal the login credentials for their online conference accounts. During this campaign, at least 10,000 malicious emails were sent to people working in the fields of consumer manufacturing, technology and financial services.
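Both campaigns above used links on shared cloud domains, so a mail filter that trusts `sharepoint.com` or `onmicrosoft.com` by reputation alone lets them through. The following Python sketch is an added example, not code from Proofpoint or the article: it classifies links by tenant rather than by domain, and the suffix list beyond those two domains, the `OWN_TENANTS` set and the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Shared multi-tenant suffixes. sharepoint.com and onmicrosoft.com are named in
# the article; the two Firebase hosting suffixes are an assumption added here.
SHARED_SUFFIXES = ("sharepoint.com", "onmicrosoft.com", "firebaseapp.com", "web.app")
# Assumption: tenant labels the organization itself owns (constructed values).
OWN_TENANTS = {"contoso", "contoso-my"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def tenant_of(host):
    """Return (suffix, tenant_label) if host sits under a shared suffix, else None."""
    host = host.lower().rstrip(".")
    for suffix in SHARED_SUFFIXES:
        # Require a dot boundary so "sharepoint.com.login.example" does not match.
        if host.endswith("." + suffix):
            label = host[: -len(suffix) - 1].rsplit(".", 1)[-1]
            return suffix, label
    return None

def classify_links(body):
    """Return [(host, verdict)] for every URL found in a message body."""
    results = []
    for url in URL_RE.findall(body):
        try:
            # .hostname ignores any "user@" prefix used to disguise the real host.
            host = urlsplit(url).hostname or ""
        except ValueError:
            host = ""
        hit = tenant_of(host)
        if hit is None:
            verdict = "other"            # normal reputation and content checks apply
        elif hit[1] in OWN_TENANTS:
            verdict = "own-tenant"
        else:
            verdict = "foreign-tenant"   # trusted domain, unknown tenant: inspect content
        results.append((host, verdict))
    return results

# Constructed sample message body.
SAMPLE = """Please review the COVID-19 guidelines:
https://fabrikam-docs.sharepoint.com/:b:/g/personal/doc
Team site: https://contoso.sharepoint.com/sites/hr
Sign in: https://example-tenant.onmicrosoft.com/auth
Mirror: https://contoso.sharepoint.com.login.example/x
"""

if __name__ == "__main__":
    for host, verdict in classify_links(SAMPLE):
        print(f"{verdict:15} {host}")
```

A `foreign-tenant` verdict is not a detection on its own; it only marks links that should not inherit the parent domain's reputation and should go through the same content and sandbox checks as any unknown sender.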


In summary, Proofpoint's research clearly shows that cybercriminals are actively abusing popular cloud communication tools to spread malicious messages and target users of the infrastructure of a series of major vendors, including Microsoft and Google.

This reality, combined with the rise of ransomware, supply chain attacks, and cloud account breaches, makes building human-centered advanced email security strategies a continued top priority for enterprise security administrators.
