Proofpoint reports that cases of threat actors abusing Microsoft and Google products such as Office 365, G-Suite, Azure, SharePoint, OneDrive and Firebase to commit attacks increased in 2020, coinciding with companies’ increased adoption of online collaboration tools and cloud computing services in their operations, according to TechRadar
Microsoft Office 365 alone was used as a channel for sending over 59 million malicious messages in 2020, while more than 90 million were sent through Google, including 27% that was sent through Gmail, currently considered the most popular email service in the world. Meanwhile, 45 million malicious messages were sent using Google’s infrastructure and seven million were sent via Office 365.
The positive reputations of Google and Microsoft also helped prevent many of these messages from being filtered as malicious, which caused the volume of messages from these services to surpass that of any botnet in 2020.
“When coupled with heightened ransomware, supply chain, and cloud account compromise, advanced people-centric email protection must remain a top priority for security leaders,” said Ryan Kalember, Proofpoint’s executive vice president of cybersecurity strategy.