A new hack introduced at the Black Hat convention in Las Vegas by security firm Imperva is said to be able to access a user’s cloud services without needing a password. The company has dubbed the hack “man-in-the-cloud”, and the research shows that cloud services such as Google Drive, Dropbox, Box, Copy, iCloud and others can be accessed without the user’s knowledge. The hack works by intercepting the token the service issues when a user logs in from a new PC; the sync client presents that token on every later request instead of the password. Stealing this token gives the hackers everything they need to access the target’s cloud account. Once the hacker has the token and access to the cloud account, it’s obvious they can steal anything within, but even worse, they can add things in.
For example, if a user accesses their cloud account at a library for the first time and the hacker intercepts the token, the hacker gains access to the account. The hacker can now leave malicious files in the user’s cloud folders that can inject malware, ransomware and other ugly things once they are opened on another computer. This is a problem not only for regular users but for businesses as well: many employees access their accounts liberally from public computers and then again on business computers. It’s not clear whether Google Drive or the others are aware of the vulnerability or whether they are working on fixes for the problem.
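The defensive point in the two paragraphs above is that whoever holds the sync token is the account, so a stolen token looks like a normal sign-in and no password-based control catches it. One signal that does survive is the same token being presented from more than one device. The script below is an added illustration written for this article, not Imperva’s tooling or any cloud provider’s code: it parses a constructed access log (the timestamp/token/IP/device format is an assumption for the example) and flags tokens used from two different devices within a window.

```python
"""Flag cloud-sync tokens presented from more than one device.

Added example for the man-in-the-cloud write-up; not Imperva's code.
The log format is constructed for this illustration and is not any
real provider's format: <ISO timestamp> <token id> <client ip> <device id>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one legitimate laptop, then the same token
# reappearing from an unknown device on a different network.
SAMPLE_LOG = """\
2015-08-05T09:00:00 tok-7f3a 203.0.113.10 laptop-ACME-0421
2015-08-05T09:05:12 tok-7f3a 203.0.113.10 laptop-ACME-0421
2015-08-05T09:40:31 tok-7f3a 198.51.100.77 unknown-device-91
2015-08-05T10:02:09 tok-c219 192.0.2.55 desktop-ACME-0110
2015-08-05T11:15:44 tok-7f3a 203.0.113.10 laptop-ACME-0421
"""


def parse_log(text):
    """Parse log lines into (timestamp, token, ip, device) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, token, ip, device = line.split()
        events.append((datetime.fromisoformat(ts), token, ip, device))
    return events


def find_shared_tokens(events, window=timedelta(hours=24)):
    """Return {token: sorted device list} for every token that was used
    from two distinct devices within `window` of each other.

    A token bound to one sync client should only ever come from that
    client; a second device presenting it is the MITC signature.
    """
    by_token = defaultdict(list)
    for ts, token, ip, device in events:
        by_token[token].append((ts, device, ip))

    flagged = {}
    for token, uses in by_token.items():
        uses.sort()  # chronological
        for i, (ts_i, dev_i, _ip_i) in enumerate(uses):
            later = uses[i + 1:]
            others = {
                dev_j for ts_j, dev_j, _ip_j in later
                if ts_j - ts_i <= window and dev_j != dev_i
            }
            if others:
                flagged.setdefault(token, set()).update(others | {dev_i})
    return {tok: sorted(devs) for tok, devs in flagged.items()}


if __name__ == "__main__":
    for tok, devs in find_shared_tokens(parse_log(SAMPLE_LOG)).items():
        # The response to a hit is to revoke the token server-side, which
        # cuts off the stolen copy as well, and re-enrol the real device.
        print(f"token {tok} presented from multiple devices: {', '.join(devs)}")
```

Because the attack never touches the password, the useful response to a hit is to revoke the token on the service side (which invalidates the stolen copy too) rather than to reset the password; a device identifier or client fingerprint in the provider’s access log is what makes this check possible in the first place.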
“Our research has revealed just how easy it is for cyber criminals to co-opt cloud synchronisation accounts, and how difficult it is to detect and recover from this new kind of attack,” he said.
“Since we have found evidence of MITC in the wild, organisations that rely on protecting against infection through malicious code detection or command and control (C&C) communication detection are at a serious risk, as MITC attacks use the in-place Enterprise File Synch and Share infrastructure for C&C and exfiltration.”
There are a lot of interesting developments coming out of this year’s Black Hat convention, and we’ll keep bringing them to you here.
What do you think of MITC (man-in-the-cloud)? Let us know in the comments below or on Google+, Facebook and Twitter.

Source: The Inquirer