Microsoft and Google Products Hacked to Launch Cyber Attacks

Just as business users have turned to cloud computing services and online collaboration software to get their jobs done, so have cybercriminals, according to a new Proofpoint study. In recent months, the cybersecurity company has seen a massive increase in the number of threat actors abusing Microsoft and Google infrastructure to host and deliver threats in Office 365 storage, Azure, OneDrive, SharePoint, G Suite and Firebase.

In 2020, more than 59 million malicious messages were sent from Microsoft Office 365 targeting thousands of Proofpoint customers, while Google sent or hosted more than 90 million, of which 27% were sent via the email service Gmail. During the first quarter of this year, the cybersecurity firm observed seven million malicious messages sent through Office 365 and 45 million through Google's infrastructure.

To make matters worse, the volume of malicious messages from these trusted cloud services exceeded that of any botnet in the last year. In fact, the trusted reputation of the Microsoft and Google domains increases the likelihood that these messages will be delivered to their recipients rather than being detected as malicious.

Commit and conquer

With email recently becoming the primary vehicle for ransomware, cybercriminals are increasingly exploiting organizations' supply chain and partner ecosystem to compromise accounts, steal credentials, and siphon funds. According to a recent supply chain report from Proofpoint, 98% of nearly 3,000 organizations in the US, UK and Australia received a threat from a vendor domain within a seven-day window in February of this year.

A single compromised account can give cybercriminals broad access to a company's network. Over the past year, 95% of the organizations the company protects were targeted with cloud account compromise attempts, and more than half have suffered at least one compromise. Among the compromised organizations, more than 30% reported experiencing post-access activity such as file tampering, email forwarding, and OAuth activity. With an organization's credentials in hand, cybercriminals can log into systems as impostors, move laterally between multiple cloud services and hybrid environments, and send convincing emails while posing as real employees.

Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, provided additional insight into the company's latest findings in a blog post, saying: “Our research clearly shows that attackers use both Microsoft and Google infrastructure to send malicious messages and target people while leveraging popular cloud collaboration tools. Along with ransomware, supply chain, and cloud account compromise, advanced people-centric email protection must continue to be a priority for security leaders.”