Cloud computing has made it simpler than ever to migrate information to, and store it on, hosted platforms. The disappointing part is that the benefits of cloud technology come with a malicious counterpart: attackers keep finding ways to abuse cloud services, including newer techniques such as the Man in the Cloud (MITC) attack. This post explains what a MITC attack is, how it works, and how to defend against it.
What is Man in the Cloud Attack?
A MITC attack abuses common file synchronization services such as Google Drive, Dropbox and OneDrive. The attacker turns the victim's own sync account into command-and-control (C&C) infrastructure and uses it for remote access and data exfiltration. The attack needs no specific malicious program or exploit at the initial 'infection' stage (any way of running code once on the endpoint will do), which makes it hard to prevent. Because it rides on the legitimate synchronization protocol, its traffic is very hard to tell apart from normal sync traffic. If an account compromise is suspected, discovering and analysing the evidence is not simple either: the attack leaves very little evidence, and what remains sits mostly on the endpoint. The attacker gains access to the victim's account without ever compromising the victim's credentials, so a forensic investigator has a hard time even establishing how the account was compromised. Account recovery after a MITC attack is also not always feasible: because the attacker holds a synchronization token rather than a password, changing the password does not by itself guarantee the attacker is locked out; the token has to be revoked and the unknown device unlinked.
How a Man in the Cloud Attack Works
The attack depends on obtaining the device's synchronization token. The sync client stores this token in a registry key or a file on the device so that it can keep synchronizing without prompting for credentials again and again; to the service, whoever presents the token is that device. The attacker first needs to execute code once on the victim's machine; as noted above, no exploit is required for this, a user opening a malicious file is enough. That code copies the victim's token into the sync folder and replaces the token stored on the device with the attacker's own token. The victim's sync client then synchronizes the folder, and with it the victim's token, straight into the attacker's account. The attacker installs the stolen token on his or her own machine and can now synchronize with, and read from, the victim's account. Finally the attacker's code restores the victim's original token so the client keeps working and the victim notices nothing. In short, a Man in the Cloud attack succeeds when the attacker's device is synchronized with the victim's data using the victim's own token, without the victim's password ever being touched.
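The token switch just described, as an added toy model (this is illustration code written for this post, not code from the original article or from any real sync client). The service, the device objects, the token format and the sync-folder layout are all constructed for the example; real clients keep the token in a product-specific registry key or file. The point it makes concrete is that the service only ever checks the token, so the victim's password is never involved, and the only trace left on the service side is an extra device appearing on the victim's account.

```python
import secrets
from dataclasses import dataclass, field


class SyncService:
    """Toy cloud drive: a bearer token alone decides which account a client touches."""

    def __init__(self):
        self.accounts = {}   # account name -> {filename: bytes}
        self.tokens = {}     # token -> account name
        self.audit = []      # (account, device_id) for every sync call

    def register(self, account):
        self.accounts[account] = {}
        tok = secrets.token_hex(16)          # constructed token format
        self.tokens[tok] = account
        return tok

    def sync(self, token, device_id, local_files):
        """Two-way sync. No password is ever checked here, only the token."""
        account = self.tokens.get(token)
        if account is None:
            raise PermissionError("unknown token")
        self.audit.append((account, device_id))
        remote = self.accounts[account]
        remote.update(local_files)   # push local changes
        local_files.update(remote)   # pull remote changes
        return account


@dataclass
class Device:
    device_id: str
    token: str                      # the stored synchronization token
    sync_folder: dict = field(default_factory=dict)

    def run_sync(self, service):
        return service.sync(self.token, self.device_id, self.sync_folder)


def token_switch(victim, attacker_token):
    """The one-off code the attacker runs on the victim's machine: drop the victim's
    token into the sync folder and swap in the attacker's token. Returns the original
    so it can be put back afterwards (the 'double switch')."""
    original = victim.token
    victim.sync_folder["token.txt"] = original.encode()
    victim.token = attacker_token
    return original


def demo():
    svc = SyncService()
    victim = Device("victim-laptop", svc.register("victim"),
                    {"plans.docx": b"confidential"})
    attacker = Device("attacker-box", svc.register("attacker"))

    victim.run_sync(svc)                      # normal sync into the victim account
    original = token_switch(victim, attacker.token)
    victim.run_sync(svc)                      # next sync lands in the ATTACKER account
    attacker.run_sync(svc)                    # attacker's client pulls the victim token
    stolen = attacker.sync_folder["token.txt"].decode()

    del victim.sync_folder["token.txt"]       # clean up and restore: victim sees nothing
    victim.token = original
    victim.run_sync(svc)

    # Attacker now syncs with the victim's account using the victim's own token.
    intruder = Device("attacker-box", stolen)
    intruder.run_sync(svc)
    return {
        "stolen_equals_original": stolen == original,
        "attacker_read_file": intruder.sync_folder.get("plans.docx") == b"confidential",
        "devices_seen_on_victim_account": sorted({d for a, d in svc.audit if a == "victim"}),
    }


if __name__ == "__main__":
    print(demo())
```

Note what the audit trail shows afterwards: the victim account was synced by two device identifiers, the legitimate laptop and the attacker's box, with no failed login and no credential change anywhere. That single extra device is the kind of anomaly the monitoring controls later in this post are meant to catch.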
Man in the Cloud Attack Prevention Strategies
The following are a few protection measures through which organizations can detect and prevent Man in the Cloud attacks:
- Device Pinning – The administrator should restrict which devices each employee may sync from, based on the employee's role and normal usage. If a user is allowed to sync only one registered laptop with the cloud service, the attacker's unregistered device is refused and a stolen token gives no access to the user's content. Unfortunately, organizations rarely enforce this kind of control in BYOD scenarios. To make this manageable, enterprises can invest in security platforms such as CloudCodes that provide device-level restrictions for shared cloud platforms.
- Security Intelligence – A second prevention strategy is to monitor employee activity on the cloud service. At a minimum, the cloud data monitoring software should be able to detect anomalous behaviour and raise an alert quickly. A MITC attack produces a number of anomalies: the same account suddenly syncing from an unfamiliar device, at an unusual time of day, or from a new geographical location. Data monitoring providers such as CloudCodes recognise the importance of this and invest in building such detection.
- Cloud Policy Controls – Every security platform needs to strike a balance when enforcing data loss prevention (DLP) policies on business cloud services. Many organizations still invest only in on-premises DLP, and only some of those solutions extend DLP controls to the cloud data that a Man in the Cloud attack actually targets. By enforcing cloud DLP standards and remediation policies on storage platforms such as OneDrive and Box, organizations limit what a compromised sync account can carry out of the business.
- Data Encryption – Even if an attacker gains access to the victim's data, it is possible to make the stored content useless to them through encryption. Encryption turns readable information into ciphertext, so the attacker finds that the synchronized data is of no use. One caveat matters here: encryption at rest performed by the cloud provider does not help against a MITC attack, because the provider transparently decrypts data for anyone presenting a valid token, and the attacker holds one. What does help is client-side encryption in which the keys are kept outside the synchronized account. Enterprises are therefore strongly advised not to leave data open or unprotected in the cloud, and to apply encryption policies to data at rest and in transit so that it stays safe even during a Man in the Cloud attack.
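The device-pinning and security-intelligence controls above, as an added detection example (this is illustration code written for this post, not a CloudCodes feature or code from the original article). It assumes a JSON-lines audit log exported by the sync service with the fields ts, user, device_id and country, a table of the one device each user is pinned to, and a one-hour window for the travel check; all of those names, the sample log lines and the users in them are constructed for the example. Two rules are applied to every sync session: the device must be the user's pinned device, and the same account must not appear from two countries within the window, which is what a token replayed from the attacker's machine looks like.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit log: one JSON line per sync-client session.
SAMPLE_LOG = """
{"ts": "2024-03-01T08:00:00Z", "user": "alice", "device_id": "LAPTOP-A1", "country": "US"}
{"ts": "2024-03-01T08:05:00Z", "user": "bob",   "device_id": "LAPTOP-B7", "country": "US"}
{"ts": "2024-03-01T08:07:00Z", "user": "alice", "device_id": "VM-9F2C",   "country": "RO"}
{"ts": "2024-03-01T09:30:00Z", "user": "bob",   "device_id": "LAPTOP-B7", "country": "US"}
{"ts": "2024-03-01T10:00:00Z", "user": "alice", "device_id": "LAPTOP-A1", "country": "US"}
""".strip()

# Device pinning table (constructed): the only device each user may sync from.
PINNED_DEVICES = {"alice": {"LAPTOP-A1"}, "bob": {"LAPTOP-B7"}}

# Two sessions for one account from different countries closer together than this
# are flagged; tune to your users' real travel patterns.
TRAVEL_WINDOW = timedelta(hours=1)


def parse_log(text):
    """Parse JSON lines into events sorted by timestamp (ISO 8601, UTC 'Z' suffix)."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
    return sorted(events, key=lambda e: e["ts"])


def detect(events, pinned=PINNED_DEVICES, window=TRAVEL_WINDOW):
    """Return a list of (rule, user, detail) alerts for the given events."""
    alerts = []
    last_seen = {}   # user -> most recent event, used by the travel check
    for e in events:
        user, dev = e["user"], e["device_id"]

        # Rule 1: device pinning. A token used from any device other than the
        # user's registered one trips this, which is exactly the MITC footprint.
        if dev not in pinned.get(user, set()):
            alerts.append(("unpinned_device", user, dev))

        # Rule 2: impossible travel. Same account active from two countries
        # within the window; the legitimate laptop and the attacker's box
        # both syncing with the same token produce this pattern.
        prev = last_seen.get(user)
        if prev and prev["country"] != e["country"] and e["ts"] - prev["ts"] <= window:
            alerts.append(("impossible_travel", user, f'{prev["country"]}->{e["country"]}'))

        last_seen[user] = e
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample log the unregistered VM syncing alice's account from a second country seven minutes after her laptop trips both rules; her later sync from the laptop, almost two hours on, does not. In practice the pinned-device table comes from your device enrolment system and the country from the service's IP geolocation, and the travel rule should be treated as a signal to enrich (is the token also linked to a device the user never registered?) rather than a verdict on its own.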
There is no fixed time at which an attack on a target system will occur, because nobody knows what the attacker is planning. A Man in the Cloud attack succeeds by synchronizing business content with the attacker's system, which means businesses need strong protection around their shared drive platforms. This post has outlined several ways to guard against MITC attacks; review them and adopt the ones you consider essential for your cloud security.