The hackers used Gmail to distribute emails containing links to unauthorized web pages hosted on Google Drive, and then stored stolen credentials through a third-party domain.
Although the malicious pages were reported to Google, Elastica said they have yet to be removed.
“In this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts,” said Aditya K Sood, architect of Elastica Cloud Threat Labs.
“While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model and necessitating a modern, flexible security stack designed to provide protection in a perimeterless world.”
Because the pages were hosted on Google Drive, which uses SSL encryption, standard security methods like IP blacklisting and intrusion detection weren’t effective.
Rehan Jalil, chief executive of Elastica, said these issues will likely keep cropping up as cloud usage grows.
“Security and risk professionals are quickly learning that legacy security solutions are no longer effective for cloud applications,” Jalil said.