During the pandemic, criminals used the cloud to hide phishing scams from trusted Microsoft and Google services.
Proofpoint security researchers they discovered 7 million malicious emails sent by Microsoft 365 and 45 million emails sent by Google infrastructure in the first three months of 2021 alone.
They also report that malicious users have used Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase, to send emails, but also for attacks on servers.
The publication states:
"The volume of malicious messages from these trusted cloud services exceeded the volume of botnets in 2020, and the trusted reputation of these domains, such as outlook.com and sharepoint.com, increases the difficulty of detection."
Since a breach of one account could give access to more others, ProofPoint estimated that 95% of organizations were targeted in cloud attacks and more than half of them were successful. In addition, more than 30% of the organizations that were breached "experienced post-access activity such as file management, email promotion and OAuth activities".
Once intruders have credentials, they can enter an organization's emails, locate affiliates and significant others, to convincingly send phishing emails.
Proofpoint gave many examples of emails that tried to trick users into giving out their information or serving malware.
Proofpoint research clearly shows that intruders use popular cloud communication tools to spread malicious emails and target people using Microsoft and Google infrastructure.
Breaking accounts in the cloud can be combined with serving ransomware, with disastrous results.
So securing cloud services should be a top priority for security companies.