Detection & Prevention of Man-in-the-Cloud (MITC) Attacks via Access Control

Marketing Team Cloud Security Expert - CloudCodes Software
  • August 18th, 2021

How Man in the Cloud or MITC Attacks Work?

Over the past few years, there is an alarming increase in the amount of data and information transferred to the cloud and stored within various cloud-based platforms. Some cloud-based services, like MS OneDrive, Google Drive, Dropbox, etc., have been seen to make these processes more comfortable. Within a few mouse clicks, low-cost or sometimes even cost-free synchronization service can be easily set up between local folders and cloud-based copies of those folders by anyone. The advantages of using these cloud-based services include file sharing, automated data backup (off-site), system-independent cloud data access, and collaboration from any place and at any point in time. Such services go unnoticed5 to the pitfalls of using these services, and such advantages turn into disadvantages due to malicious entities with ill-intents of stealing data, which makes the entire scene of using cloud services a highly risky one, given the sensitivity of data under transmission in the cloud. Some of these highly inventive cyber attackers have lately come up with this technique called the “man in the cloud attacks,” i.e., MITC attacks. These attacks leverage the characteristic – “access data from anywhere at any time” of cloud storage.

Details of Man in the Cloud (MITC) Attacks

The application that synchronizes with cloud service makes use of a synchronization token for gaining access to the right account as well as data. The attackers usually place certain malware over the targeted systems, which are also called the switchers; this is done through social-engineering attacks, which are clubbed with malicious attachments in emails. Once malware gets launched, that then moves the potential victim’s synchronization token to the actual data-sync folder. It would then replace that particular original token with the one crafted by attackers.

 When targeted applications sync with data-sync envelopes next time, the target’s unique token gets copied to attackers’ cloud locations from where that could be easily downloaded & then used subsequently by those attackers. This provides the attackers with access to the victims’ cloud-based data from any computer machine whatsoever; thus providing the attackers with the ability to sync malicious files and replace those very commonly used files that the victim usually trusts. It is done in a way to erase most of the evidence of these attacks.

Detection of Man in the Cloud (MITC) Attacks

Detection in the Cloud (MITC) attacks is highly tricky. There’s one login process that is against the cloud service, which uses a separate synchronization token (user). By itself, this won’t warrant any alarm. Some watchful users can analyze the login geo-location history through the cloud’s various platforms portal. Also, some of the traditional/behavioral anti-virus products can be used for dealing with most such infections. But these are not the best and most-reliable attack detection methods. Instead, CASB solutions with the Access Control module serve the purpose better.

Prevention of Man in the Cloud Attacks

A highly successful and apt way of preventing such social-engineering attacks, which are likely to precede these “Man in the Cloud (MITC) attacks,s” is via combining adequate & proper technical controls with comprehensive training to teach security awareness.

How Do Firms Protect Themselves from Man in the Cloud Attacks via Access Control?

One of the best technologies targeting the characteristics of these Man in the Cloud (MITC) attacks is cloud access security broker (CASB) solutions. CASBs either deploy inline where they can function as proxies or through APIs where they could monitor traffic to & from cloud platforms. Both of these options have their benefits, but one of the primary functions of these products is monitoring cloud traffic for account anomalies that are generated by such MITC attacks. 

Firms should now be well aware of the threats of man-in-the-cloud attacks and must also review their cloud-based apps as well as their infrastructure for seeing how such attacks can compromise their work environments and lead to data breaches. Deploying CloudCodes CASB solutions, which have an Access Control module, can safeguard the systems and prevent the organizations from these Man in the Cloud (MITC) attacks.