Blog | G5 Cyber Security

Threat Actors Use Credential Dumps, Phishing, Legacy Email Protocols to Bypass MFA and Breach Cloud Accounts Worldwide

In a six-month study of major cloud service tenants, Proofpoint researchers observed massive attacks leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute-force account compromises at scale. Attacks against Office 365 and G Suite cloud accounts using IMAP are difficult to protect against with multi-factor authentication, and service accounts and shared mailboxes are notably vulnerable. Phishing campaigns tricked recipients into revealing authentication credentials, providing attackers with additional avenues into corporate accounts. Most attacker logins originate from Nigerian IP addresses, followed by logins from Chinese IP addresses.

Source: https://www.darkreading.com/cloud/threat-actors-use-credential-dumps-phishing-legacy-email-protocols-to-bypass-mfa-and-breach-cloud-accounts-worldwide
