Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Man-in-the-Cloud Attacks rely on common file synchronization services to hack cloud account

Man-in-the-Cloud Attacks rely on common file synchronization services to hack cloud account


A recent Report issued by Imperva Hacker Intelligence on Man-in-the-Cloud (MITC) attacks indicates how threat actors abuse popular cloud storage services for illegal activities. The experts have analyzed a number of cloud storage services including Dropbox, Google Drive, Box, and Microsoft OneDrive. The report shows how hackers exploit common file synchronization services for command and control (C&C) communications, remote access, data exfiltration and endpoint hacking by reconfiguring them. The alarming issue found is that attackers can gain access to file synchronization accounts without compromising victim’s credentials. The experts explained that even if the tokens are encrypted on the local device, hackers can easily access and decrypt them to synchronize any device with the victim’s account. Man-in-the-Cloud attacks are easy to run, in some cases attacks can maintain access to the compromised account installing a backdoor, and the access will be granted even after victims change their password. Man-in-the-Cloud attacks are particularly difficult to track because the malicious code is typically not left running on the targeted machine and data traffic to/from the cloud architecture normally does not raise any suspicion.
 
Source:
Security Affairs
 
Imperva Intelligence
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis