New Phishing Campaign Leverages Google DriveNew Phishing Campaign Leverages Google Drive
Researchers believe technique is geared to take over Google SSO accounts.
July 28, 2015
For the second time in two years, security researchers have uncovered ongoing phishing attacks that leverage Google Drive, with this latest attack building on previous techniques by adding advanced code obfuscation.
Discovered by Aditya K Sood, architect of Elastica Cloud Threat Labs, and his research team, the new attack again uses phishing web pages hosted on Google Drive to lend them an air of credibility in order to fool even security trained users. As Sood explains, this exploits "the established trust users have with Google."
"In this phishing campaign, the attacker used Gmail to distribute emails containing links to unauthorized web pages hosted on Google Drive," he says. "The attacker actually abuses that Google Drive functionality. He's not conducting a man in the middle attack, he's not disrupting the network channel, he's simply abusing how the Google Drive publishing functionality works and then exploiting that for his own nefarious purposes."
"The HTML source code is not directly available," Sood says. "So any security solution looking into different features out of the HTML page are not going to work in this scenario," he says.
According to Sood, it appears the ultimate target was to target Google users due to Google's use of single sign on and the potential for gaining access to multiple services through a single credential.
"The basic idea behind this attack is the attacker wants to go after the Google SSO login accounts because it is used for multiple services and once you get a hold of it you can access all those services configured for a specific user account," he says.
This new attack method shows that attackers are figuring out how to take advantage of the trust inherent in our relations with SaaS services. While employees are generally trained to look for strange language or attachments indicative of email phishing attacks, cloud application phishing attacks may not throw up red flags.
"Phishing attacks on cloud services can be designed to appear exactly like the service itself. This is in contrast to email where an attacker would not have easy access to the typical language used in company email," Sood said, explaining that a site served up over HTTPS further lends credibility to the phishing site. "Such attacks can even follow the flow of a typical cloud-app use-case. In this case study, the user was presented with a PDF document."
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report
Build a Case for a Password Manager