Microsoft and Google products hacked to launch cyberattacks

It is the proven fact that, millions of malicious messages have been sent using Microsoft and Google's platforms.

Just as business users have turned to cloud computing services and online collaboration software to do their jobs, so too have cybercriminals according to new research from Proofpoint.

In a blog post, Proofpoint’s EVP Cybersecurity Strategy, Ryan Kalember, said that last year, 59,809,708 malicious messages were distributed through Microsoft Office 365. Google’s services were used to host, or distribute, more than 90 million malicious messages, with more than a quarter of those (27 percent) going through one of the world’s most popular email platforms, Gmail.

The results from Q1 2021 “far exceeded” those from Q1 2020, Proofpoint further claimed, saying it spotted seven million malicious messages going through Microsoft and 45 million going through Google infrastructure.

To make matters worse, the malicious message volume from these trusted cloud services exceeded that of any botnet last year. This is because the trusted reputation of both Microsoft and Google's domains increases the likelihood that these messages will be delivered to their targets instead of being detected as malicious.

As email recently became the top vector for ransomware once again, cybercriminals are increasingly leveraging the supply chain and partner ecosystem of organizations to compromise accounts, steal credentials and siphon funds.

As per the report from Proofpoint about supply chains, 98 percent of almost 3,000 organizations across the US, UK and Australia received a threat from a supplier domain during a seven-day window back in February of this year.

A singe compromised account can provide cybercriminals with a great deal of access to a company's network and over the last year, the firm has observed threat actors targeting 95 percent of the organizations it protects with cloud account compromise attempts and more than half have experienced at least one compromise. Of the organizations compromised, over 30 percent reported experiencing post-access activity such as file manipulation, email forwarding and OAuth activity.

Ryan Kalember further said in his blog post:

Our research clearly demonstrates that attackers are using both Microsoft and Google infrastructure to disseminate malicious messages and target people as they leverage popular cloud collaboration tools. When coupled with heightened ransomware, supply chain, and cloud account compromise, advanced people-centric email protection must remain a top priority for security leaders.