Threat actors exploit Microsoft, Google platforms to send malicious emails


Monday, 24 May, 2021

Threat actors exploit Microsoft, Google platforms to send malicious emails

With an increasing number of organisations worldwide adoption cloud collaboration tools, threat actors are using Microsoft and Google’s infrastructure to host and send threats, according to Proofpoint.

Last year, 59,809,708 malicious messages from Microsoft Office 365 targeted thousands of Proofpoint customers. And more than 90 million malicious messages were sent or hosted by Google, with 27% sent through Gmail. In Q1 2021, the company observed seven million malicious messages from Microsoft Office 365 and 45 million malicious messages from Google infrastructure, which far exceed per quarter Google-based attacks in 2020.

Malicious messages are being sent across Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage. The volume from these trusted cloud services exceeded that of any botnet in 2020, and the trusted reputation of these domains, including outlook.com and sharepoint.com, increases the difficulty of detection for defenders, Proofpoint said.

Ninety-eight per cent of nearly 3000 monitored organisations across the US, UK and Australia received a threat from a supplier domain over a 7-day window in February 2021, according to Proofpoint’s latest supply chain findings.

Given the level of access that can be granted from a single account, over the last year threat actors targeted 95% of organisations with cloud account compromise attempts, and more than half have experienced at least one compromise. Of those compromised, over 30% experienced post-access activity including file manipulation, email forwarding and OAuth activity. If stolen, threat actors can leverage credentials to log into systems as imposters, move laterally across multiple cloud services and hybrid environments, and send convincing emails cloaked as a real employee, orchestrating potential financial and data loss.

Ryan Kalember, Executive Vice President of cybersecurity strategy at Proofpoint, said, “Our research clearly demonstrates that attackers are using both Microsoft and Google infrastructure to disseminate malicious messages and target people as they leverage popular cloud collaboration tools. When coupled with heightened ransomware, supply chain and cloud account compromise, advanced people-centric email protection must remain a top priority for security leaders.”

Image credit: ©stock.adobe.com/au/yingyaipumi

Related News

CrowdStrike to buy Adaptive Shield

CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...

LockBit named nastiest malware of 2024

LockBit, a ransomware malware known to have been used to attack Australian targets, has been...

Extreme Networks launches ZTNA solution

Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd