{"id":16274,"date":"2015-07-28T12:37:07","date_gmt":"2015-07-28T12:37:07","guid":{"rendered":"http:\/\/www.businesscloudnews.com\/?p=231562"},"modified":"2015-07-28T12:37:07","modified_gmt":"2015-07-28T12:37:07","slug":"google-drive-vulnerable-to-undetectable-phishing-campaign-experts-claim","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/google-drive-vulnerable-to-undetectable-phishing-campaign-experts-claim\/","title":{"rendered":"Google Drive vulnerable to undetectable phishing campaign, experts claim"},"content":{"rendered":"<div id=\"attachment_162891\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"http:\/\/www.businesscloudnews.com\/files\/2013\/11\/hacker.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-162891\" src=\"http:\/\/www.businesscloudnews.com\/files\/2013\/11\/hacker-300x237.jpg\" alt=\"Hackers used Google Drive to mount a barely detectable phishing attack\" width=\"300\" height=\"237\" \/><\/a><\/p>\n<p class=\"wp-caption-text\">Hackers used Google Drive to mount a barely detectable phishing attack<\/p>\n<\/div>\n<p>Google Drive has been subject to a phishing attack that used JavaScript code obfuscation and compromised websites in order to steal end-user account credentials using Google services.<\/p>\n<p>Elastica researchers <a href=\"https:\/\/www.elastica.net\/2015\/07\/elastica-cloud-threat-labs-discovered-latest-google-drive-phishing-campaign\/\">explained<\/a> attackers deployed a JavaScript encoding mechanism to obfuscate web page code that could not be easily read, and used fake SSL credentials\u00a0to gain entry to Google\u2019s services. Attackers were able to reach a wide network of end-users by exploiting Google Drive to host malicious Web pages, where attack victims were directed.<\/p>\n<p>The hackers used Gmail to distribute emails containing links to unauthorized web pages hosted on Google Drive, and then stored stolen credentials through a third-party domain.<\/p>\n<p>Although the malicious pages were reported to Google, Elastica said they have yet to be removed.<\/p>\n<p>\u201cIn this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts,\u201d said Aditya K Sood, architect of Elastica Cloud Threat Labs.<\/p>\n<p>\u201cWhile the cloud offers unprecedented benefits to its users, it is challenging the traditional security model and necessitating a modern, flexible security stack designed to provide protection in a perimeterless world.\u201d<\/p>\n<p>Because the pages were hosted on Google Drive, which uses SSL to encryption, standard security methods like IP blacklisting and intrusion detection weren\u2019t effective.<\/p>\n<p>Rehan Jalil, chief executive of Elastica said these issues will likely keep cropping up as cloud usage grows.<\/p>\n<p>\u201cSecurity and risk professionals are quickly learning that legacy security solutions are no longer effective for cloud applications,\u201d Jalil said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google Drive has been subject to a phishing attack that used JavaScript code obfuscation and compromised websites in order to steal end-user account credentials using Google services.<\/p>\n","protected":false},"author":105,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2371,344,1315,1976],"tags":[118],"class_list":["post-16274","post","type-post","status-publish","format-standard","hentry","category-elastica","category-google","category-hacking","category-news-analysis","tag-security"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/16274","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/105"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=16274"}],"version-history":[{"count":2,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/16274\/revisions"}],"predecessor-version":[{"id":16276,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/16274\/revisions\/16276"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=16274"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=16274"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=16274"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}