Attackers are targeting Microsoft and Google Clouds to perform mass phishing attempts, sending roughly 52 million malicious messages leveraging the likes of Office 385, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage. The reported influx in phishing attempts was recorded in Q1 of 2021 and is likely a result of threat actors capitalizing on the continuation of work-from-home efforts due to Covid-19 that will likely change in the next several months as more people receive vaccinations. Attackers create convincing phishing emails by impersonating the aforementioned Microsoft services, then harvesting credentials through the malicious pages.

In the first three months of 2021, researchers found 7 million malicious emails sent from Microsoft 365 and another 45 million sent from Google’s infrastructure, according to Proofpoint. The firm stated that the volume from the trusted cloud services far exceeded that of any botnet in 2020, and was likely to be more effective due to their impersonation efforts. Proofpoint stated that the perception of authenticity is essential to the phishing campaign’s success. The report also claims that email is the top vector for ransomware and that threat actors are increasingly looking to leverage the supply chain and partner ecosystem to compromise accounts, steal credentials, and siphon funds.