Just as business users have turned to cloud computing (opens in new tab) services and online collaboration software (opens in new tab) to do their jobs, so too have cybercriminals according to new research from Proofpoint (opens in new tab).
In recent months, the cybersecurity firm has observed a massive uptick in threat actors abusing Microsoft and Google's infrastructure to host and send threats across Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage.
In 2020, over 59m malicious messages (opens in new tab) were sent from Microsoft Office 365 targeting thousands of Proofpoint's customers while more than 90m were sent or hosted by Google with 27 percent sent through the world's most popular email service (opens in new tab), Gmail. During the first quarter of this year, the cybersecurity firm observed seven million malicious messages sent through Office 365 and 45m from Google's infrastructure.
- We've compiled a list of the best endpoint protection software (opens in new tab) available
- Keep your devices virus free with the best malware removal software (opens in new tab)
- Also check out our roundup of the best firewall (opens in new tab)
To make matters worse, the malicious message volume from these trusted cloud services exceeded that of any botnet (opens in new tab) last year. This is because the trusted reputation of both Microsoft and Google's domains increases the likelihood that these messages will be delivered to their targets instead of being detected as malicious.
Compromise and conquer
As email recently became the top vector for ransomware (opens in new tab) once again, cybercriminals are increasingly leveraging the supply chain and partner ecosystem of organizations to compromise accounts, steal credentials and siphon funds.
According to a recent report (opens in new tab) from Proofpoint about supply chains (opens in new tab), 98 percent of almost 3,000 organizations across the US, UK and Australia received a threat from a supplier domain during a seven-day window back in February of this year.
A singe compromised account can provide cybercriminals with a great deal of access to a company's network and over the last year, the firm has observed threat actors targeting 95 percent of the organizations it protects with cloud account compromise attempts and more than half have experienced at least one compromise. Of the organizations compromised, over 30 percent reported experiencing post-access activity such as file manipulation, email forwarding and OAuth (opens in new tab) activity.
With an organization's credentials in hand, cybercriminals can log into systems as impostors, move laterally across multiple cloud services and hybrid environments and send convincing emails while pretending to be real employees.
EVP of cybersecurity strategy at Proofpoint, Ryan Kalember provided further insight on the firm's latest findings in a blog post (opens in new tab), saying:
“Our research clearly demonstrates that attackers are using both Microsoft and Google infrastructure to disseminate malicious messages and target people as they leverage popular cloud collaboration tools. When coupled with heightened ransomware, supply chain, and cloud account compromise, advanced people-centric email protection must remain a top priority for security leaders.”
- We've also featured the best antivirus (opens in new tab)