Cloud storage sites such as Dropbox, Google Drive and OneDrive will be the next area corporations will have to defend in their ongoing battle to keep their data under wraps, according to a report by Imperva, which looked at the dangers of what the company referred to as Man-in-the-Cloud (MiTC) attacks.
MiTC attacks target common cloud storage sites by compromising the synchronization token that allows a single person to maintain access to the data through multiple points of contact.
Amichai Shulman, Imperva's CTO, told SCMagazine.com that an attack generally would start with a basic email phishing scam that places a simple take-over code into an employee's computer. The code is particularly hard to detect as it writes to a computer's registry file in the same place and manner as a benign piece of software.
The malicious software then hijacks the token used to authenticate the employee's access to the storage site. Because the attack avoids the username and password, it is hard to discover, the report stated.
However, so far corporations have been lucky.
“At this time we have not seen any [attack] exactly like we describe, but very soon they will come. This could be in the next six to 18 months,” Shulman said.
Shulman did point to evidence that criminals are now moving in this direction. He said the APT 29 Hammertoss attack, which used Twitter accounts as a command and control tool, is similar to MiTC in that the attack is going after a data storage center using illegally obtained tokens and not a password.
Imperva offered a few defensive ideas against such an attack.
“Identify the compromise of file synchronization account, and even more importantly, identify the abuse of the internal data resource. We believe that the attackers are eventually after the enterprise data rather than the information stored at endpoints. Hence, an attack is bound to express itself by the attacker trying to access business data in a way that is not typical for normal enterprise users,” the report stated.
Shulman noted that those tasked with defending their companies are moving too slowly and instead continue to fight attacks at the perimeter and endpoint. Finally, the storage host firms must also do their part.
“If someone grabs a password they notice it and tell the end user, but with tokens no notice is given,” he said, adding that it is more difficult, but not impossible, to pick out if a token is not being used properly. However, the companies have to be aware the threat exists and put in place policies to deal with it.
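One way to pick out a synchronization token that is not being used properly is sketched below. It is an added example, not code from Imperva's report or from any storage provider. The event schema, field names and sample records are constructed for illustration, and the one-hour window is an assumed threshold. The check flags a token presented by two different devices close together in time, which a single legitimate client would not do.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events. The field names are a hypothetical schema,
# not the log format of any real cloud storage provider.
SAMPLE_EVENTS = [
    {"ts": "2015-01-05T09:00:00", "token_id": "tok-A", "device": "LAPTOP-01", "ip": "198.51.100.10"},
    {"ts": "2015-01-05T09:05:00", "token_id": "tok-B", "device": "LAPTOP-02", "ip": "198.51.100.11"},
    {"ts": "2015-01-05T09:20:00", "token_id": "tok-A", "device": "LAPTOP-01", "ip": "198.51.100.10"},
    {"ts": "2015-01-05T09:25:00", "token_id": "tok-A", "device": "UNKNOWN-77", "ip": "203.0.113.50"},
    {"ts": "2015-01-06T14:00:00", "token_id": "tok-B", "device": "LAPTOP-02", "ip": "198.51.100.11"},
    # Same token on a different device two days later: treated as a device
    # swap, not concurrent use, under the default window.
    {"ts": "2015-01-07T08:00:00", "token_id": "tok-C", "device": "DESKTOP-03", "ip": "198.51.100.12"},
    {"ts": "2015-01-09T08:00:00", "token_id": "tok-C", "device": "DESKTOP-04", "ip": "198.51.100.12"},
]


def find_shared_tokens(events, window=timedelta(hours=1)):
    """Return {token_id: sorted device list} for tokens presented by more
    than one device within `window` of each other."""
    last_seen = defaultdict(dict)   # token_id -> {device: last timestamp}
    flagged = defaultdict(set)      # token_id -> devices involved
    # ISO 8601 timestamps sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        seen = last_seen[ev["token_id"]]
        for device, when in seen.items():
            if device != ev["device"] and ts - when <= window:
                flagged[ev["token_id"]].update({device, ev["device"]})
        seen[ev["device"]] = ts
    return {tok: sorted(devs) for tok, devs in flagged.items()}


if __name__ == "__main__":
    for token, devices in find_shared_tokens(SAMPLE_EVENTS).items():
        print(f"ALERT {token}: used concurrently by {', '.join(devices)}")
```

A wider window catches slower abuse at the cost of flagging legitimate device replacements, so the threshold needs tuning against normal user behaviour.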