Researchers at Imperva released details about a new type of attack, called 'Man in the Cloud' (MITC). The attack can quietly co-opt common file synchronization services, such as Box, Dropbox, Google Drive and Microsoft OneDrive, to turn them into devastating attack tools not easily detected by common security measures.
According to Imperva's report, which was presented at BlackHat USA 2015, this next-generation attack does not require compromising the user's cloud account username or password.
"Our research has revealed just how easy it is for cyber criminals to coopt cloud synchronization accounts, and how difficult it is to detect and recover from this new kind of attack," said Amichai Shulman, CTO of Imperva. "Since we have found evidence of MITC in the wild, organisations who rely on protecting against infection through malicious code detection or command and control (C&C) communication detection are at a serious risk, as man in the cloud attacks use the in-place Enterprise File Synch and Share (EFSS) infrastructure for C&C and exfiltration."
With the increased usage of mobile devices, tablets, VPNs, remote desktop access and SaaS applications, data is moving to the cloud and expanding beyond traditionally defined corporate boundaries. The cyber security firm said endpoint and perimeter security measures are insufficient at detecting and mitigating this threat, as no malicious code persists on the endpoint and no abnormal outbound traffic channels are observed on the wire.
Organisations should consider protecting themselves from MITC attacks with a two-phased approach, said the company. First, organisations should use a cloud access security broker (CASB) solution that monitors access to and usage of their enterprise cloud services. Second, they should deploy controls such as data activity monitoring (DAM) and file activity monitoring (FAM) solutions around business data resources to identify abnormal and abusive access to business-critical data.
"Organisations must invest more effort in monitoring and protecting their business critical enterprise data resources both in the cloud and on-premises. By detecting abusive access patterns to such resources, enterprises can protect against this next generation of breaches."
Updated Date: Aug 05, 2015 21:41:25 IST