“Elastica Cloud Threat Labs recently discovered a new Google Drive phishing campaign in which an attacker deployed phishing web pages on Google Drive. This is not the first time Google Drive has been used for phishing purposes. Last year, the security community encountered a similar type of Google Drive phishing attack. The basic mechanism of the attack featured in this case study is somewhat similar to the attack that was seen last year, but is more advanced due to the use of code obfuscation.
While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model, and necessitating a modern, flexible security stack designed to account for its borderless perimeter. A modern cloud security architecture addresses these challenges by providing deep visibility (i.e. activity and resource/file information) into user cloud access, detection systems equipped to leverage fine-grained information to find threats, and scanning of documents transferred and shared in the cloud to prevent the exfiltration of sensitive information. With such measures in place, an enterprise can feel confident in the safe and secure access of cloud applications.”