Sep 13, 2018

The so-called "man-in-the-cloud" attack is said to be a common flaw in most cloud-based file synchronization services.

Hackers don't even need your password anymore to get access to your cloud data.

The attack works by stealing the password token, a small file that sits on a user's device for convenience (so the user does not have to re-enter their password each time). Once the token is obtained, whether through a phishing attack or a drive-by exploit, it can be installed on a new machine so that the service treats the attacker as the account's owner. From there, the attacker can access and steal files, and even add malware or ransomware to the victim's cloud folder, which can then be used for further attacks.

Researchers at Imperva released details about a new type of attack, called 'Man in the Cloud'. The attack can quietly co-opt common file synchronization services, such as Box, Dropbox, Google Drive and Microsoft OneDrive, and turn them into devastating attack tools that are not easily detected by common security measures.

Organisations should consider protecting themselves from MITC attacks with a two-phase approach. First, they should use a cloud access security broker (CASB) solution that monitors access to, and usage of, their enterprise cloud services. Second, they should deploy controls such as data activity monitoring (DAM) and file activity monitoring (FAM) solutions around business data resources to identify abnormal and abusive access to business-critical data.
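As an added example (not from the article or from Imperva), the following detector applies the monitoring idea above to constructed sync-service audit events: the signal behind an MITC token theft is one synchronization token being presented by a second device. The JSON-lines log format and its field names are assumptions, not any vendor's real schema.

```python
import json

# Constructed sample audit log (hypothetical sync-service format, one JSON object per line).
# Each event records which device and IP presented which sync token.
SAMPLE_LOG = """\
{"ts": "2018-09-13T08:00:01Z", "user": "alice", "token_id": "tok-7f3a", "device_id": "laptop-01", "ip": "10.0.1.20", "action": "sync"}
{"ts": "2018-09-13T08:05:10Z", "user": "alice", "token_id": "tok-7f3a", "device_id": "laptop-01", "ip": "10.0.1.20", "action": "sync"}
{"ts": "2018-09-13T09:12:44Z", "user": "alice", "token_id": "tok-7f3a", "device_id": "unknown-9c", "ip": "203.0.113.55", "action": "sync"}
{"ts": "2018-09-13T09:13:02Z", "user": "alice", "token_id": "tok-7f3a", "device_id": "unknown-9c", "ip": "203.0.113.55", "action": "upload"}
{"ts": "2018-09-13T09:30:00Z", "user": "bob", "token_id": "tok-11ab", "device_id": "desktop-04", "ip": "10.0.2.31", "action": "sync"}
"""


def parse_jsonl(text):
    """Parse a JSON-lines audit log into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_token_reuse(events):
    """Return one alert per (token, foreign device) pair seen in the event stream.

    A legitimate sync client keeps its token on the device it was issued to. The same
    token arriving from a different device_id (typically also a new IP) is the core
    indicator of a Man-in-the-Cloud token theft; the alert lists every action the
    foreign device performed with the token so an analyst can see what was touched.
    """
    first_seen = {}   # token_id -> (device_id, ip) of the first device to use it
    alerts = {}       # (token_id, new_device) -> alert dict
    for ev in events:
        tok = ev["token_id"]
        if tok not in first_seen:
            first_seen[tok] = (ev["device_id"], ev["ip"])
            continue
        orig_device, orig_ip = first_seen[tok]
        if ev["device_id"] == orig_device:
            continue  # same device as before: normal sync traffic
        alert = alerts.setdefault((tok, ev["device_id"]), {
            "user": ev["user"], "token_id": tok,
            "original_device": orig_device, "original_ip": orig_ip,
            "new_device": ev["device_id"], "new_ip": ev["ip"],
            "first_seen": ev["ts"], "actions": [],
        })
        alert["actions"].append(ev["action"])
    return list(alerts.values())


if __name__ == "__main__":
    for alert in detect_token_reuse(parse_jsonl(SAMPLE_LOG)):
        print(json.dumps(alert))
```

In a real deployment the device identifier would come from the sync client's registration record, and an alert should trigger token revocation and a review of files the foreign device uploaded.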