Google Drive has been subject to a phishing attack that used JavaScript code obfuscation and compromised websites in order to steal end-user account credentials using Google services.
Elastica researchers explained attackers deployed a JavaScript encoding mechanism to obfuscate web page code that could not be easily read, and used fake SSL credentials to gain entry to Google’s services. Attackers were able to reach a wide network of end-users by exploiting Google Drive to host malicious Web pages, where attack victims were directed.
The hackers used Gmail to distribute emails containing links to unauthorized web pages hosted on Google Drive, and then stored stolen credentials through a third-party domain.
Although the malicious pages were reported to Google, Elastica said they have yet to be removed.
“In this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts,” said Aditya K Sood, architect of Elastica Cloud Threat Labs.
“While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model and necessitating a modern, flexible security stack designed to provide protection in a perimeterless world.”
Because the pages were hosted on Google Drive, which uses SSL to encryption, standard security methods like IP blacklisting and intrusion detection weren’t effective.
Rehan Jalil, chief executive of Elastica said these issues will likely keep cropping up as cloud usage grows.
“Security and risk professionals are quickly learning that legacy security solutions are no longer effective for cloud applications,” Jalil said.