Microsoft and Google products hacked to launch cyberattacks

News
By published

Millions of malicious messages have been sent using Microsoft and Google's platforms

Hacker Typing
(Image credit: Shutterstock)

Just as business users have turned to cloud computing services and online collaboration software to do their jobs, so too have cybercriminals according to new research from Proofpoint.

In recent months, the cybersecurity firm has observed a massive uptick in threat actors abusing Microsoft and Google's infrastructure to host and send threats across Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage.

In 2020, over 59m malicious messages were sent from Microsoft Office 365 targeting thousands of Proofpoint's customers while more than 90m were sent or hosted by Google with 27 percent sent through the world's most popular email service, Gmail. During the first quarter of this year, the cybersecurity firm observed seven million malicious messages sent through Office 365 and 45m from Google's infrastructure.

To make matters worse, the malicious message volume from these trusted cloud services exceeded that of any botnet last year. This is because the trusted reputation of both Microsoft and Google's domains increases the likelihood that these messages will be delivered to their targets instead of being detected as malicious.

Compromise and conquer

As email recently became the top vector for ransomware once again, cybercriminals are increasingly leveraging the supply chain and partner ecosystem of organizations to compromise accounts, steal credentials and siphon funds.

According to a recent report from Proofpoint about supply chains, 98 percent of almost 3,000 organizations across the US, UK and Australia received a threat from a supplier domain during a seven-day window back in February of this year.

A singe compromised account can provide cybercriminals with a great deal of access to a company's network and over the last year, the firm has observed threat actors targeting 95 percent of the organizations it protects with cloud account compromise attempts and more than half have experienced at least one compromise. Of the organizations compromised, over 30 percent reported experiencing post-access activity such as file manipulation, email forwarding and OAuth activity.

With an organization's credentials in hand, cybercriminals can log into systems as impostors, move laterally across multiple cloud services and hybrid environments and send convincing emails while pretending to be real employees.

EVP of cybersecurity strategy at Proofpoint, Ryan Kalember provided further insight on the firm's latest findings in a blog post, saying:

“Our research clearly demonstrates that attackers are using both Microsoft and Google infrastructure to disseminate malicious messages and target people as they leverage popular cloud collaboration tools. When coupled with heightened ransomware, supply chain, and cloud account compromise, advanced people-centric email protection must remain a top priority for security leaders.” 

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Flags of Iran, China, Russia and North Korea on a wall. China North Korea Iran Russia alliance
Cybercrime is helping fund rogue nations across the world - and it's only going to get worse, Google warns
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Samsung Galaxy Z Flip 6 in blue

5 things I want from the Samsung Galaxy Z Flip 7

See more latest
Most Popular
An AI face in profile against a digital background.
The race to trillion-parameter model training in AI is on, and this company thinks it can manage it for less than $100,000
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Ninkear MBOX 8 Pro
This mini PC has a detachable docking station that hides a hard drive, and I am not convinced whether it's a good idea
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
CoreWeave
Is CoreWeave another WeWork? Blogger who caused Nvidia market capitalization to drop by $600 billion in a day thinks so
Discord Clyde
Discord's game overlay has seen a complete revamp - I've tried it, and it's one of the best updates ever
Swiss flag with view of Geneva city, Switzerland
Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
Data leak
Top home hardware firm data leak could see millions of customers affected
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day