As organisations all around the world have adopted cloud collaboration tools, like Office 365 and OneDrive, cyber attackers have also followed the trend.
Last year, 59.8 million malicious scam messages were sent from Microsoft Office 365 and more than 90 million were sent or hosted by Google, according to Proofpoint.
In the months from January to March this year alone, that number has already reached seven million malicious messages from Microsoft and 45 million from Google infrastructure.
“The malicious message volume from these trusted cloud services exceeded that of any botnet in 2020, and the trusted reputation of these domains, including outlook.com and sharepoint.com, increases the difficulty of detection for defenders,” Proofpoint said.
Proofpoint said the authenticity of platforms like Microsoft and Google makes these scams more believable.
Recently, email regained its status as the number one way for cyber criminals to spread ransomware to compromise accounts, steal information and siphon money.
What to watch out for
The below phishing attempt features a Microsoft SharePoint URL claiming to host a corporate policy and COVID-19 guidelines document.
The document contains a link leading to a fake Microsoft authentication page designed to collect your personal data.
According to Proofpoint, this specific campaign involved around 5,000 messages targeting users in transportation, manufacturing, and business services.
In March this year there was a Gmail-hosted scam campaign with a fake employee benefits message and Microsoft Excel attachment targeting manufacturing, technology, and media/entertainment organisations.
If macros are enabled, the scam will install and run ‘The Trick’, a trojan that intercepts and logs banking website visits to steal credentials.
In February 2021, Proofpoint also saw an 'aXorist' ransomware campaign from a Gmail-hosted email address.
The scam attempts to trick accounting users into accessing password-protected zipped MS Word documents. These documents contain macros which, if enabled, drop the ransomware.
Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, said: “Our research clearly demonstrates that attackers are using both Microsoft and Google infrastructure to disseminate malicious messages and target people as they leverage popular cloud collaboration tools.”
“When coupled with heightened ransomware, supply chain, and cloud account compromise, advanced people-centric email protection must remain a top priority for security leaders.”