Attackers Fooled Google Spam Engine With Phishing Emails That Lured Victims to Google Drive-Hosted Malicious Web Pages Used to Steal Users' Credentials
Though researchers are uncertain whether the Gmail account was compromised or if attackers created a false account, the phishing emails were delivered successfully and undetected by Google's built-in spam engine. This is most likely because the emails were sent from what appeared to be an authentic Google account and the embedded link pointed to "googledrive.com."
When Elastica reported it to Google two weeks prior to this announcement, all the components in this phishing attack were working. Though the phishing Web pages have been reported to Google, they are currently still active and have not yet been removed.
"In this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts," said Dr. Aditya K Sood, architect of Elastica Cloud Threat Labs. "While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model and necessitating a modern, flexible security stack designed to provide protection in a perimeterless world."
Because the phishing Web pages are hosted on Google Drive, standard blacklisting using IP addresses and URLs is ineffective. Traditional intrusion detection and prevention systems cannot provide defense in these types of scenarios either. Credentials stolen in these attacks can be used by attackers themselves or sold on the digital black market to buyers who then use them for malicious purposes.
"Security and risk professionals are quickly learning that legacy security solutions are no longer effective for cloud applications," said Rehan Jalil, CEO, Elastica. "Elastica applies machine learning for user behavior modeling that can detect malicious activities inside cloud applications and can thwart cloud access breaches."
Major enterprises, including Fortune 50 companies, rely on Elastica CloudSOC to ensure safe and secure use of their enterprise SaaS and cloud applications.
For a detailed analysis of the attack, please visit the Elastica Cloud Threat Labs blog at: https://www.elastica.net/2015/07/elastica-cloud-threat-labs-discovered-latest-google-drive-phishing-campaign
Interact with Elastica:
Join Elastica on LinkedIn: https://www.linkedin.com/company/elastica
Like Elastica on Facebook: https://www.facebook.com/ElasticaInc
Follow Elastica on Twitter: https://twitter.com/elasticainc
Elastica is the leader in Data Science Powered™ Cloud Application Security. Its CloudSOC™ platform empowers companies to confidently leverage cloud applications and services while staying safe, secure and compliant. A range of Elastica Security Apps deployed on the extensible CloudSOC™ platform deliver the full life cycle of cloud application security, including auditing of shadow IT, real-time detection of intrusions and threats, protection against intrusions and compliance violations, and investigation of historical account activity for post-incident analysis. Elastica is venture-backed by the Mayfield Fund, Pelion Ventures, Third Point Ventures and is headquartered in San Jose, CA.
Learn more about Elastica at http://www.elastica.net.
Media Contact for Elastica Aparna Aswani Bhava Communications for Elastica [email protected] 415-699-8331
NewsMaker is an Australian Press Release Distribution and Social Media Marketing service founded in 2004. The company today represents over 22,000 brands who seek to share their content with journalists, bloggers and the community.
P: +61 414 69 70 71