A recent report issued by Imperva Hacker Intelligence on Man-in-the-Cloud (MITC) attacks indicates how threat actors abuse popular cloud storage services for illegal activities. The experts analyzed a number of cloud storage services, including Dropbox, Google Drive, Box, and Microsoft OneDrive. The report shows how hackers reconfigure common file synchronization services to use them for command and control (C&C) communications, remote access, data exfiltration and endpoint hacking.

The alarming finding is that attackers can gain access to file synchronization accounts without compromising the victim’s credentials. The experts explained that even if the tokens are encrypted on the local device, hackers can easily access and decrypt them to synchronize any device with the victim’s account. Man-in-the-Cloud attacks are easy to run. In some cases the attacker can maintain access to the compromised account by installing a backdoor, and access will be granted even after the victim changes their password. Man-in-the-Cloud attacks are particularly difficult to track because the malicious code is typically not left running on the targeted machine, and data traffic to and from the cloud architecture normally does not raise any suspicion.
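Because the endpoint and the network show little, account-side audit events are the practical place to look. The following is an added example, not taken from the Imperva report or from any provider: it scans a constructed audit trail for a synchronization token used from a host other than the one it was issued to, and for tokens still in use after a password change. The event schema, field names and sample values are assumptions.

```python
from datetime import datetime

# Constructed audit events. The schema is an assumption, not a real provider's log format.
EVENTS = [
    {"ts": "2015-08-01T09:00:00", "account": "alice", "type": "device_linked", "token": "tok-A", "host": "laptop-1"},
    {"ts": "2015-08-02T10:00:00", "account": "alice", "type": "sync", "token": "tok-A", "host": "laptop-1"},
    {"ts": "2015-08-03T02:13:00", "account": "alice", "type": "sync", "token": "tok-A", "host": "unknown-7"},
    {"ts": "2015-08-04T08:00:00", "account": "alice", "type": "password_changed"},
    {"ts": "2015-08-05T02:20:00", "account": "alice", "type": "sync", "token": "tok-A", "host": "unknown-7"},
    {"ts": "2015-08-01T09:00:00", "account": "bob", "type": "device_linked", "token": "tok-B", "host": "desk-2"},
    {"ts": "2015-08-06T09:00:00", "account": "bob", "type": "sync", "token": "tok-B", "host": "desk-2"},
]

def find_mitc_indicators(events):
    """Return a sorted list of (account, token, reason) findings."""
    linked_host = {}     # token -> host the token was issued to
    issued_at = {}       # token -> time the token was issued
    last_pw_change = {}  # account -> time of the latest password change
    findings = set()
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        if ev["type"] == "device_linked":
            linked_host[ev["token"]] = ev["host"]
            issued_at[ev["token"]] = ts
        elif ev["type"] == "password_changed":
            last_pw_change[acct] = ts
        elif ev["type"] == "sync":
            tok = ev["token"]
            if tok not in linked_host:
                # Sync with a token that has no recorded enrolment
                findings.add((acct, tok, "token_never_linked"))
                continue
            if ev["host"] != linked_host[tok]:
                # Same token presented by a second machine: it was copied
                findings.add((acct, tok, "token_used_from_other_host"))
            changed = last_pw_change.get(acct)
            if changed and issued_at[tok] < changed:
                # Token predates the password change and is still accepted
                findings.add((acct, tok, "token_survived_password_change"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_mitc_indicators(EVENTS):
        print(finding)
```

A "token_survived_password_change" finding also fires for the victim's own devices, which is the point: a password change alone does not end the access, so every such token is a candidate for explicit revocation.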
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street