In the first quarter of 2021, cybercriminals sent 52 millions malicious messages using storage services such as Office 365, the Azure, the OneDrive, SharePoint, G-Suite and Firebase.
During the pandemic, criminals used the cloud to hide phishing scams from trusted Microsoft and Google services.
Proofpoint security researchers they discovered 7 million malicious emails sent by Microsoft 365 and 45 million emails sent by Google infrastructure in the first three months of 2021 alone.
They also report that malicious users have used Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase, to send emails, but also for attacks on servers.
The publication states:
"The volume of malicious messages from these trusted cloud services exceeded the volume of botnets in 2020, and the trusted reputation of these domains, such as outlook.com and sharepoint.com, increases the difficulty of detection."
Given that a infringement ενός λογαριασμού θα μπορούσε να παρέχει πρόσβαση σε περισσότερους άλλους, η ProofPoint υπολόγισε ότι το 95% των οργανισμών ήταν στόχοι σε επιθέσεις στο cloud και περισσότερες από τις μισές από αυτές ήταν επιτυχείς. Επιπλέον, περισσότερο από το 30% των οργανισμών που είχαν παραβιαστεί “βίωσαν δραστηριότητα μετά την πρόσβαση, όπως management files, email forwarding and OAuth activities”.
Once intruders have credentials, they can enter an organization's emails, locate affiliates and significant others, to convincingly send phishing emails.
Proofpoint provided several examples of emails that attempted to trick users into providing their information or serve malicious software.
Proofpoint's research clearly shows that attackers use popular tools cloud communication to spread malicious emails and target people using Microsoft and Google infrastructures.
Breaking accounts in the cloud can be combined with serving ransomware, with disastrous results.
So securing cloud services should be a top priority for security companies.