Detection & Prevention of Man-in-the-Cloud (MITC) Attacks via Access Control

admin Cloud Security Expert - CloudCodes Software
  • March 6th, 2018

How Man in the Cloud or MITC attacks Work?

Over the past few years, an alarming increase has been witnessed in the amount of data and information being transferred to cloud and stored within various cloud-based platforms. Some cloud-based services like MS OneDrive, Google Drive and Dropbox etc., have been seen make these processes much easier. Within a few mouse clicks, a low cost or sometimes even cost-free synchronization service can be easily set up between local folders and cloud-based copies of those folders by anyone. The advantages of using these cloud-based services include file sharing, automated data backup (off-site), system-independent cloud data access and collaboration from any place and at any point of time. Such services sometimes go unnoticed owing to the pitfalls of using these services and such advantages turn into disadvantages due to malicious entities with ill-intents of stealing data, which makes the entire scene of using cloud services a highly risky one, given the sensitiveness of data under transmission in cloud. Some of these highly inventive cyber attackers have lately come up with this technique called as the “man in the cloud attacks” i.e. MITC attacks. These attacks leverage the characteristic – “access data from anywhere at any time” of cloud storage.

Going into the Details of MITC attacks

The application that synchronizes with cloud service makes use of a synchronization token for gaining access to right account as well as data. The attackers usually place certain malware over the targeted systems, which are also called as the switchers; this is often done through social-engineering attacks, which are clubbed with malicious attachments in emails. Once malware gets launched, that then moves the potential victim’s synchronization token to the actual data-sync folder. This would then replace that particular original token for the one crafted by attackers. When targeted applications synch with data-sync folders next time, target’s original token gets copied to attackers’ cloud locations from where that could be easily downloaded & then used subsequently by those attackers. This provides the attackers with an access to the victims’ cloud-based data from any computer machine whatsoever; thus providing the attackers with the ability to synch malicious files and replaces those very commonly used files that the victim usually trusts. Much to the aghast of victims, this is done is a way that even erases most of the evidences of these attacks.

Detection of MITC attacks

Detection of Man in the Cloud (MITC) attacks is highly difficult. There’s one login process that is against the cloud service, which uses a separate synchronization token (user). By itself this won’t warrant any alarm. Some watchful user can analyze the login geo-location history through cloud’s various platforms portal. Also, some of the traditional/behavioral anti-virus products can also be used for dealing with most such infections. But these are definitely not the best and most-reliable attack detection methods. Instead, CASB solutions with Access Control module serve the purpose better.

Prevention of MITC attacks

A highly successful and apt way of preventing such social-engineering attacks, which are likely to precede these “Man in the Cloud (MITC) attacks” is via combining adequate & proper technical controls with comprehensive trainings to teach security-awareness.

How Do Firms Protect Them from MITC attacks via Access Control?

One of the best technologies targeting the characteristics of these Man in the Cloud (MITC) attacks are cloud access security broker (CASB) solutions. CASBs either deploy inline where they can function as proxies or through APIs where they could monitor traffic to & from cloud platforms. Both of these options have their own benefits, but one of the major functions of these products is of monitoring cloud traffic for account anomalies that are say generated by such MITC attacks. Firms should now be well aware about the threats of man-in-the-cloud attacks and must also review their cloud-based apps as well as their infrastructure for seeing how such attacks can compromise their work environments and lead to data breaches. Deploying CloudCodes CASB solutions, which have Access Control module, can really safeguard the systems and prevent the organizations from these Man in the Cloud (MITC) attacks.