In this report, we demonstrate a new type of attack we call “Man in the Cloud” (MITC). These MITC attacks rely on common file synchronization services (such as GoogleDrive and Dropbox) as their infrastructure for command and control (C&C), data exfiltration, and remote access. Without using any exploits, we show how simple re-configuration of these services can turn them into a devastating attack tool that is not easily detected by common security measures.
Since most organizations either allow their users to use file synchronization services, or even rely on these services as part of their business toolbox, we think that MITC attacks will become prevalent in the wild. As a result, we encourage enterprises to shift the focus of their security effort from preventing infections and endpoint protection to securing their business data and applications at the source.
40. • Download HII report
– https://www.imperva.com/DefenseCenter/HackerIntelligenceReports
Notas do Editor
Let’s build this slide on the content of this URL:
http://searchcloudstorage.techtarget.com/news/2240237177/Enterprise-file-sync-and-share-expands-in-2014
Found more stats here
techcrunch.com/2014/11/27/the-most-popular-enterprise-storage-product-might-surprise-you/Pai
We have slides describing 3 parts of the attack plan. The 3rd one – retrieving data is trivial as it is provided by the platform.
Attacker can anonymously create a free account with any of the major EFSS vendors.
Encryption uses current user context and therefore decryption does not require a key, but rather code running in the user’s context.
It’s not clear how to disinfect an account in OneDrive