Category Archives: Elastica

Google Drive vulnerable to undetectable phishing campaign, experts claim

Hackers used Google Drive to mount a barely detectable phishing attack

Hackers used Google Drive to mount a barely detectable phishing attack

Google Drive has been subject to a phishing attack that used JavaScript code obfuscation and compromised websites in order to steal end-user account credentials using Google services.

Elastica researchers explained attackers deployed a JavaScript encoding mechanism to obfuscate web page code that could not be easily read, and used fake SSL credentials to gain entry to Google’s services. Attackers were able to reach a wide network of end-users by exploiting Google Drive to host malicious Web pages, where attack victims were directed.

The hackers used Gmail to distribute emails containing links to unauthorized web pages hosted on Google Drive, and then stored stolen credentials through a third-party domain.

Although the malicious pages were reported to Google, Elastica said they have yet to be removed.

“In this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts,” said Aditya K Sood, architect of Elastica Cloud Threat Labs.

“While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model and necessitating a modern, flexible security stack designed to provide protection in a perimeterless world.”

Because the pages were hosted on Google Drive, which uses SSL to encryption, standard security methods like IP blacklisting and intrusion detection weren’t effective.

Rehan Jalil, chief executive of Elastica said these issues will likely keep cropping up as cloud usage grows.

“Security and risk professionals are quickly learning that legacy security solutions are no longer effective for cloud applications,” Jalil said.

Cisco, Elastica join forces on cloud security monitoring

Cisco will resell Elastica's cloud service monitoring technology

Cisco will resell Elastica’s cloud service monitoring technology

Networking giant Cisco is teaming up with Elastica, a cloud security startup, in a move that will see the two firms combine their threat intelligence and cloud service monitoring technologies.

The partnership will also see Cisco resell Elastica’s cloud application security and monitoring solution (CloudSOC) to its customers.

“The combination of Cisco’s threat-centric security portfolio and Elastica’s innovation in cloud application security provides a unique opportunity. Our global customers gain additional levels of visibility and control for cloud applications and it enhances our portfolio of advanced cloud-delivered security offerings,” said Scott Harrell, vice president of product management, Cisco Security Business Group.

“We are excited to partner with Elastica to deliver an even richer portfolio of on–premises and cloud application security to protect businesses across the attack continuum – before, during, and after an attack,” Harrell said.

The move is a big win for Elastica, a startup that existed stealth in early 2014 and just last month secured $30m in funding. Cisco will provide the security startup with a large and varied channel that spans both the enterprise and scale-out markets, while Cisco can plug a gap in its burgeoning cloud-centric portfolio (that said, it’s possible the move is a precursor to an acquisition).

“CIOs want to empower employees with advanced cloud apps that help enterprises stay agile, productive and competitive in the marketplace. The power of these cloud apps – information sharing and built-in collaboration capabilities – also require a completely new approach to security,” said Rehan Jalil, president and chief executive of Elastica.

“Elastica’s cloud app security technology, together with Cisco’s broad security portfolio and footprint, will help us catalyze the safe and compliant use of cloud apps so that our customers can continue to securely make their businesses more agile and productive,” Jalil said.