Article: Elastica Cloud Threat Labs Discovered Latest Google Drive Phishing Campaign!


“Elastica Cloud Threat Labs recently discovered a new Google Drive phishing campaign in which an attacker deployed phishing web pages on Google Drive. This is not the first time Google Drive has been used for phishing purposes. Last year, the security community encountered a similar type of Google Drive phishing attack.  The basic mechanism of the attack featured in this case study is somewhat similar to the attack that was seen last year, but is more advanced due to the use of code obfuscation.

In this phishing campaign, we found some stealthy techniques used by the attacker to protect the phishing web page code. The attacker deployed a JavaScript encoding mechanism to obfuscate the code in the web pages so that they could not be read easily. Using Google Drive for hosting phishing web pages provides an attacker with the ability to exploit the established trust users have with Google. For example, in this campaign, the attacker used Gmail to distribute emails containing links to unauthorized web pages hosted on Google Drive. However, the attacker did not use Google Drive for storing stolen credentials, rather a third-party domain was used instead. Considering the overall attack chain, a majority of the components abused by the attackers belonged to Google’s platform.

While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model, and necessitating a modern, flexible security stack designed to account for its borderless perimeter.  A modern cloud security architecture addresses these challenges by providing deep visibility (i.e. activity and resource/file information) into user cloud access, detection systems equipped to  leverage fine-grained information to find threats, and scanning of documents transferred and shared in the cloud to prevent the exfiltration of sensitive information. With such measures in place, an enterprise can feel confident in the safe and secure access of cloud applications.”



About Author

Comments are closed.