"Microsoft, Google Clouds Hijacked for Gobs of Phishing"

Researchers at Proofpoint have found that threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. And it’s working.  In the first three months of 2021 alone, the researchers stated that 7 million malicious emails were sent from Microsoft 365 and a staggering 45 million sent from Google’s infrastructure.  The researchers also noted that cybercriminals had used Office 365, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage to send phishing emails and host attacks.  The researchers stated that the malicious message volume from these trusted cloud services exceeded that of any botnet in 2020. The trusted reputation of these domains, including outlook.com and sharepoint.com, increases the difficulty of detection for defenders.  Because breaching a single account could potentially provide sprawling access, the researchers reported 95 percent of organizations were targeted for cloud account compromise, and of those, more than half were successful. Additionally, more than 30 percent of those organizations that were compromised experienced post-access activity, including file manipulation, email forwarding, and OAuth activity.  Once attackers have credentials, they can easily move in and out of a range of services and use those to send additional, convincing phishing emails.

Threatpost reports: "Microsoft, Google Clouds Hijacked for Gobs of Phishing"