Skip to Main Content

Google Users Under Attack

Posted on 7.30.2015

It seems attackers have fooled Google's spam engine with phishing emails, luring victims to Google Drive-hosted Web pages that steal users' credentials.

Cloud application security solution Elastica released findings that the attackers deployed a JavaScript encoding mechanism to obfuscate Web page code that could not be easily read. Attackers were able to reach a wider network of end-users by exploiting a widely used and highly trusted enterprise tool such as Google Drive to host malicious Web pages, where attack victims were directed. In this case, the attackers used Gmail to distribute emails containing links to unauthorized Web pages hosted on Google Drive, and then stored stolen credentials through a third-party domain.


 SUBSCRIBE to Website Magazine - 12 Issues FREE


Though researchers are uncertain whether the Gmail account was compromised or if attackers created a false account, the phishing emails were delivered successfully and undetected by Google's built-in spam engine.

"In this particular incident, attackers were able to circumvent tight security controls and target Google users specifically to gain access to a multitude of services associated with Google accounts," said Dr. Aditya K Sood, architect of Elastica Cloud Threat Labs. "While the cloud offers unprecedented benefits to its users, it is challenging the traditional security model and necessitating a modern, flexible security stack designed to provide protection in a perimeterless world."

Leave Your Comment

Login to Comment

Become a Member

Not already a part of our community?
Sign up to participate in the discussion. It's free and quick.

Sign Up

 

Leave a comment
    Load more comments
    New code
  •    
      

    The Ultimate Guide to Personalization

    Kibo