Microsoft and Google products hacked to launch cyberattacks

News
By published

Millions of malicious messages have been sent using Microsoft and Google's platforms

Hacker Typing
(Image credit: Shutterstock)

Just as business users have turned to cloud computing services and online collaboration software to do their jobs, so too have cybercriminals according to new research from Proofpoint.

In recent months, the cybersecurity firm has observed a massive uptick in threat actors abusing Microsoft and Google's infrastructure to host and send threats across Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage.

In 2020, over 59m malicious messages were sent from Microsoft Office 365 targeting thousands of Proofpoint's customers while more than 90m were sent or hosted by Google with 27 percent sent through the world's most popular email service, Gmail. During the first quarter of this year, the cybersecurity firm observed seven million malicious messages sent through Office 365 and 45m from Google's infrastructure.

To make matters worse, the malicious message volume from these trusted cloud services exceeded that of any botnet last year. This is because the trusted reputation of both Microsoft and Google's domains increases the likelihood that these messages will be delivered to their targets instead of being detected as malicious.

Compromise and conquer

As email recently became the top vector for ransomware once again, cybercriminals are increasingly leveraging the supply chain and partner ecosystem of organizations to compromise accounts, steal credentials and siphon funds.

According to a recent report from Proofpoint about supply chains, 98 percent of almost 3,000 organizations across the US, UK and Australia received a threat from a supplier domain during a seven-day window back in February of this year.

A singe compromised account can provide cybercriminals with a great deal of access to a company's network and over the last year, the firm has observed threat actors targeting 95 percent of the organizations it protects with cloud account compromise attempts and more than half have experienced at least one compromise. Of the organizations compromised, over 30 percent reported experiencing post-access activity such as file manipulation, email forwarding and OAuth activity.

With an organization's credentials in hand, cybercriminals can log into systems as impostors, move laterally across multiple cloud services and hybrid environments and send convincing emails while pretending to be real employees.

EVP of cybersecurity strategy at Proofpoint, Ryan Kalember provided further insight on the firm's latest findings in a blog post, saying:

“Our research clearly demonstrates that attackers are using both Microsoft and Google infrastructure to disseminate malicious messages and target people as they leverage popular cloud collaboration tools. When coupled with heightened ransomware, supply chain, and cloud account compromise, advanced people-centric email protection must remain a top priority for security leaders.” 

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Shutterstock.com / kanlaya wanon
Microsoft Teams abused in Russian email bombing ransomware campaign
Hook on Keyboard
Fake DocuSign and HubSpot phishing emails target 20,000 Microsoft Azure accounts
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
More about security
Data Breach

Thousands of healthcare records exposed online, including private patient information
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

AI agents can be hijacked to write and send phishing attacks
Nokia 5G 360 Camera

This is the world's first 8K 5G 360 degrees camera - and it is also weatherproof
See more latest
Most Popular
Nokia 5G 360 Camera
This is the world's first 8K 5G 360 degrees camera - and it is also weatherproof
AI writer
Coding AI tells developer to write it himself
Data Breach
Thousands of healthcare records exposed online, including private patient information
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Nvidia RTX 6000
Details of Nvidia's fastest video card ever leak; RTX Pro 6000 Blackwell GPU will have 96GB GDDR7 ECC memory
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
Hasselblad X2D 100C camera in user's hand, their blue jacket in background
My dream Hasselblad camera is getting a sequel soon, according to new leaks – here are 5 upgrades I’m hoping for
Harry Halpin, CEO and co-founder of Nym Technologies, and Chelsea Manning, Nym Technlogies' security consultant, on stage at the Frontline Club in London during the NymVPN launch on March 13, 2025.
NymVPN is now live – here's everything you need to know