With the global population moving to a more remote office structure because of the COVID-19 pandemic, it was inevitable that cybercriminals would take advantage of the situation. Security researchers have noticed an overall uptick in various schemes over the past year or so, many of them successful, phishing attacks among them. According to researchers at Proofpoint, criminals are using cloud infrastructure from Microsoft and Google (Microsoft 365, Azure, OneDrive, SharePoint, G Suite, and Firebase storage) to carry out large-scale phishing attacks.
The Proofpoint research post "Threat Actors Exploit Microsoft and Google Platforms to Host and Send Millions of Malicious Messages" states the following about how Microsoft's and Google's cloud infrastructure is being used for malicious activity such as phishing:
Organizations worldwide have adopted cloud collaboration tools in record numbers — and attackers have quickly followed. In recent months we have observed an acceleration in threat actors abusing Microsoft and Google’s popular infrastructure to host and send threats across Office 365, Azure, OneDrive, SharePoint, G Suite, and Firebase storage.
Last year, 59,809,708 malicious messages from Microsoft Office 365 targeted thousands of our customers. And more than 90 million malicious messages were sent or hosted by Google, with 27% sent through Gmail, the world’s most popular email platform. In Q1 2021, we observed seven million malicious messages from Microsoft Office 365 and 45 million malicious messages from Google infrastructure, which far exceed per-quarter Google-based attacks in 2020.
As the post goes on to state, the trusted nature of many of the domains involved makes it harder to tell which messages are malicious and which are legitimate: a message that passes sender authentication because it really was relayed through Microsoft or Google infrastructure, or that links to a document really hosted on SharePoint, OneDrive, or Firebase storage, is not legitimate on that basis alone. This opens the door to ransomware delivered via infected attachments and to sensitive data being obtained via social engineering and other common phishing schemes. In the research presented by Proofpoint, the observed phishing schemes were predominantly geared toward office-related topics, such as impersonation of human resources emails, fake Zoom meeting links, and spoofed accounting department documents.
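The practical consequence is that mail triage cannot use "sent from or hosted on a Microsoft/Google domain" as a trust signal and has to look at the lure itself instead. The following triage heuristic is an added example written for this article, not code from Proofpoint or from the post; the org domain (example.org), the sender addresses and the hosts in the sample messages are constructed, and the lure keywords are an assumption derived from the three themes the post names (HR, Zoom, accounting).

```python
import re
from urllib.parse import urlparse

# Cloud hosts the Proofpoint post names as abused for hosting lures. A link to one of
# these is NOT evidence of legitimacy; it is a reason to look harder at the message.
CLOUD_HOSTS = ("sharepoint.com", "onedrive.live.com", "1drv.ms",
               "drive.google.com", "firebasestorage.googleapis.com")

# Office-related lure themes the post reports: HR, fake Zoom invites, accounting documents.
LURE_THEMES = {
    "hr": re.compile(r"\b(hr|human resources|payroll|benefits)\b", re.I),
    "zoom": re.compile(r"\bzoom\b", re.I),
    "accounting": re.compile(r"\b(invoice|remittance|accounts? payable|accounting)\b", re.I),
}

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def under(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)

def triage(msg, org_domain):
    """Return the reasons a message deserves a second look (empty list = nothing seen).
    msg: dict with sender, subject, urls. SPF/DKIM results are deliberately not consulted:
    mail relayed through Microsoft or Google infrastructure passes them regardless."""
    reasons = []
    themes = [t for t, rx in LURE_THEMES.items() if rx.search(msg["subject"])]
    external = msg["sender"].split("@")[-1].lower() != org_domain
    if "hr" in themes and external:                 # HR never writes from outside the org
        reasons.append("HR-themed mail from outside " + org_domain)
    for url in msg["urls"]:
        h = host_of(url)
        if "zoom" in themes and not under(h, ("zoom.us",)):
            reasons.append("Zoom lure links to non-Zoom host " + h)
        if themes and external and under(h, CLOUD_HOSTS):
            reasons.append("external %s lure hosted on %s" % ("/".join(themes), h))
    return reasons

# Constructed sample messages (hypothetical senders and hosts); org domain is example.org.
SAMPLES = [
    {"sender": "hr-team@outlook.com", "subject": "Updated HR benefits policy",
     "urls": ["https://tenant-x.sharepoint.com/sites/hr/policy.pdf"]},
    {"sender": "meetings@gmail.com", "subject": "Zoom meeting invitation",
     "urls": ["https://firebasestorage.googleapis.com/v0/b/x/o/join.html"]},
    {"sender": "alice@example.org", "subject": "Zoom meeting notes",
     "urls": ["https://example.zoom.us/j/123456"]},
    {"sender": "vendor@partner.example", "subject": "Quarterly invoice attached", "urls": []},
]

def triage_all(samples=SAMPLES, org_domain="example.org"):
    return [triage(m, org_domain) for m in samples]

if __name__ == "__main__":
    for m, r in zip(SAMPLES, triage_all()):
        print(m["sender"], "->", r or "ok")
```

Note that the last sample, an accounting-themed message from an outside vendor with no cloud-hosted link, is not flagged; the heuristic only reacts when the lure theme, the external sender and the abused hosting combine.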
Cloud infrastructure is a wonderful thing, but it must be secured properly. When attackers gain access to it, the consequences tend to be far-reaching. Always assume a message is not legitimate until you can definitively prove otherwise. Don’t be afraid to confirm with the supposed sender, through a channel other than the email itself, that they did in fact send the message in question. A little paranoia at a time like this is simply good cybersecurity practice.