In the first quarter of 2021, cybercriminals sent 52 million malicious messages using storage services like the Office 365, the Azure, the OneDrive, SharePoint, G-Suite and Firebase.
During the pandemic, criminals used the cloud to hide phishing scams from trusted Microsoft and Google services.
Security researchers Proofpoint they discovered 7 million malicious emails sent by the service Microsoft 365 and 45 million sent by Google's infrastructure in the first three months of 2021 alone.
They also report that malicious users have used Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase, to send emails, but also for attacks on servers.
The publication states:
"The volume of malicious messages from these trusted cloud services exceeded the volume of botnets in 2020, and the trusted reputation of these domains, such as outlook.com and sharepoint.com, increases the difficulty of detection."
Since a breach of one account could give access to more others, ProofPoint estimated that 95% of organizations were targeted in cloud attacks and more than half of them were successful. In addition, more than 30% of the organizations that were breached "experienced post-access activity such as file management, email promotion and OAuth activities".
Once intruders have credentials, they can enter an organization's emails, locate affiliates and significant others, to convincingly send phishing emails.
Proofpoint gave many examples of emails that tried to trick users into giving out their information or serving malware.
Proofpoint research clearly shows that intruders use popular cloud communication tools to spread malicious emails and target people using Microsoft and Google infrastructure.
Hacking cloud accounts can be combined with serving ransomware, with disastrous results.
So securing cloud services should be a top priority for Companies security.