Microsoft, Google Clouds Hijacked for Gobs of Phishing

From threatpost.com

Attackers sent 52M malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage in Q1 2021.

Threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic, by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. And it’s working.

In fact, in the first three months of 2021 alone, researchers found 7 million malicious emails sent from Microsoft 365 and a staggering 45 million sent from Google’s infrastructure, Proofpoint reported, adding that cybercriminals have used Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage to send phishing emails and host attacks.

Read more…