Cybercriminals are using trusted email platforms from Microsoft and Google to host and distribute malicious content, including ransomware, a new report from cybersecurity experts Proofpoint found.
In a blog post, Proofpoint’s EVP Cybersecurity Strategy, Ryan Kalember, said that last year, 59,809,708 malicious messages were distributed through Microsoft Office 365. Google’s services were used to host, or distribute, more than 90 million malicious messages, with more than a quarter of those (27 percent) going through one of the world’s most popular email platforms, Gmail.
The results from Q1 2021 “far exceeded” those from Q1 2020, Proofpoint further claimed, saying it spotted seven million malicious messages going through Microsoft and 45 million going through Google.
The volume of bad content coming from trusted cloud services “exceeded that of any botnet in 2020”, while the trusted nature of these services made detection even more difficult.
Of all the different things criminals tried, trying to steal email credentials sits at the very top, mostly due to the level of access that can be granted from a single account. Over the last year, criminals attempted to compromise cloud accounts in 95 percent of organizations observed.
Of that number, more than half suffered at least one compromise and of those, almost a third experienced file manipulation, email forwarding or OAuth activity.
Once criminals manage to steal the credentials and log into an email address, they’ll send “convincing emails cloaked as a real employee” to try and defraud unsuspecting victims, Proofpoint concluded.