Microsoft and Google cloud-based infrastructures are being used by attackers

Recently published research is revealing a growing in popularity trend where both Microsoft and Google cloud-based infrastructures are being used by attackers as a means of targeting users utilizing popular cloud tools and spreading harmful messages to them.

Microsoft And Google Clouds

During the Covid-19 pandemic, many threat actors have shifted their attention to the trustworthy cloud-based services the two tech giants are offering with the idea to conceal numerous phishing scams by making them appear legit.

Researchers have detected that for the period from January to March this year alone, nearly 7 million malicious emails have been sent from Microsoft 365’s and nearly 45 million from Google’s infrastructure. According to the published information, fraudsters have actively been using tools like Office 365, Azure, OneDrive, SharePoint, G suite, and Firebase storage to send phishing emails and host various attacks.

A shocking revelation of the report points out to the fact that the volume of malicious messages passed through these trusted cloud services has significantly exceeded that of all Botnet services in 2020.

The usage of popular domains like and adds up to the problem of detection. Meanwhile, email has recently regained its status as the leading vector for ransomware distribution where attackers get quite crafty in creating convincing phishing email messages.

A number of instances where Microsoft and Google cloud services have been used for the distribution of phishing campaigns were detected, all of which attempting to trick users to enter their personal information or download malware.

Many of the lures have been using COVID-19 as a bait, pretending to be important guidelines or documents related to the pandemic, researchers are sharing.

In another example of an effective credential-stealing campaign, fraudsters have distributed a video conference credential collection e-mail by hiding it behind the “” domain name.

In a new malicious campaign that has started in March, attackers have utilized Gmail to host another attack that distributed a Microsoft Excel attachment that delivered the Trick Banking Trojan once macros were enabled.

Xorist ransomware has also been distributed since February through a Gmail-hosted campaign in a similar fashion where a zipped MS Word attachment that required the victim’s password to get unlocked delivered the threat the moment macros were enabled.

The exploitation of Gmail and Microsoft by attackers to provide their emails with a veneer of validity is part of a growing trend that points to one thing – threat actors are using more and more persuasive lures than ever before.

About the author


Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her strive for simplicity and well-researched information provides users with easy-to-follow It-related tips and step-by-step tutorials.

Leave a Comment