Warning: Microsoft and Google Clouds are being abused to launch large-scale phishing campaigns
During the global pandemic so far, cybercriminals have taken advantage of the business community's rapid shift towards cloud-based services, hiding malicious email scams behind popular, trusted services from major vendors like Microsoft and Google.
More specifically, security researchers from the cybersecurity organization Proofpoint discovered a total of more than 7 million malicious emails sent from Microsoft 365, along with 45 million phishing emails sent from Google's infrastructure, all of which were recorded in only the first 3 months of 2021. The investigation results also show that cybercriminal groups have very effectively abused popular services such as Office 365, Azure, OneDrive, SharePoint, G-Suite, and Firebase to send phishing emails and attack target servers.
'The volume of malicious messages from these trusted cloud services has exceeded the size of any large botnet detected in 2020. Besides, the reputation and popularity of these domains, typically outlook.com and sharepoint.com, is also a factor that greatly increases the difficulty of malicious email detection for security teams and even individual users', the report from Proofpoint said.
Many organizations are targeted by cloud phishing
Just a single breached account can give hackers broad access to the entire network of an organization or business. As estimated by Proofpoint, up to 95% of organizations surveyed have been targeted by hackers through a cloud account compromise, and it is worth mentioning that more than half of those attempts were successful.
Once attackers gain credentials to an internal account, they can quickly abuse a combination of different services to send out more convincing phishing emails.
For example, Proofpoint detected a phishing email campaign that included a Microsoft SharePoint URL that was intended to lead recipients to a document detailing COVID-19 prevention guidelines, but actually contained malicious code. This malicious message was sent to more than 5,000 people working in the transportation, manufacturing and sales services of several businesses in the United States.
Another login phishing campaign recently discovered by the Proofpoint team used the .onmicrosoft.com domain name to redirect the target to a fake webmail authentication page, designed to steal their login credentials to their online conference accounts. During this campaign, at least 10,000 malicious emails were sent, aimed at people working in the fields of consumer manufacturing, technology and financial services.
In summary, Proofpoint's research clearly shows that cybercriminals are actively abusing popular cloud communication tools to spread malicious messages and target users of the infrastructure of a series of major vendors, including Microsoft and Google.
This reality, combined with the rise of ransomware, supply chain attacks, and cloud account breaches, makes building human-centered advanced email security strategies a continuing top priority for enterprise security administrators.