A new attack that uses phishing web pages hosted on Google Drive has been discovered by Aditya K Sood, architect of Elastica Cloud Threat Labs, and his research team. The attack borrows Google's credibility to fool security-trained users, exploiting the trust users place in Google. This latest attack builds on techniques from last year, adding advanced code obfuscation.
“In this phishing campaign, the attacker used Gmail to distribute emails containing links to unauthorised web pages hosted on Google Drive,” Sood says. “The attacker is not conducting a man in the middle attack, he's not disrupting the network channel, he's simply abusing how the Google Drive publishing functionality works and then exploiting that for his own nefarious purposes.”
By hosting the pages on Google Drive, attackers make it difficult for security solutions to catch the attack with IP address blacklisting. Code obfuscation hampers detection even further by hiding the HTML source code.
According to Sood, the main goal was to target Google users because of Google's use of single sign-on and the potential to gain access to multiple services through one credential.