Man in the Cloud Attacks on Box, Google Drive and Dropbox


If your company uses cloud applications such as Box, Google Drive or Dropbox to make data available to multiple users and devices, then you should be aware of Man in the Cloud (MITC) cyber attacks. Imperva, a cyber security company based in northern California, described MITC as a new type of attack in its August Hacker Intelligence Initiative Report.

As SecurityWeek and PCMag point out, MITC attackers can easily use Box or one of the other file synchronization services to control communication, gain remote access or extract data in a much simpler way. Attackers don’t have to steal a user’s account credentials or compromise the cloud provider’s servers. They just have to access the file synchronization information on the user’s device, which is usually stored in a file, the registry or a credential manager. According to experts, this information can easily be accessed and decrypted by attackers. The attackers can then synchronize their own devices with the victim’s account by copying the victim’s synchronization information to the right place on the attackers’ system.

Incidentally, an MITC attack is different from attacks identified by similar names such as Man in the Middle (MITM) and Man in the Browser (MITB) attacks. An MITM attack is one in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other. It’s a form of eavesdropping, but the entire conversation is controlled by the attacker who even has the ability to modify the content of each message.

An MITB attack involves stealing login credentials, account numbers, and various other types of financial information. The attack combines the use of Trojan horses with a unique phishing approach that captures data as the user enters it. The user is completely unaware that the data is being hijacked, because he or she is interacting with a legitimate site.

Since MITC attacks are the newest form of cyber threat, Imperva recommends that organizations protect themselves in two ways. First, monitor access and usage of cloud services across the enterprise. Second, utilize controls such as data activity monitoring and file activity monitoring around business data resources to recognize abnormal and abusive access to critical data.
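
One way to act on the first recommendation, shown as an added example that is not from the original article or from Imperva's report: scan cloud-access logs for a synchronization token that appears on a second device, which is what copying a victim's synchronization information produces. The log schema, field names, the `find_token_reuse` function and the sample rows are constructed assumptions.

```python
import csv
import io

# Constructed sample audit log; the schema is an assumption for this example:
# timestamp, user, sync-token id, device id, source IP
SAMPLE_LOG = """\
2024-03-04T09:00:12,alice,tok-a1,LAPTOP-ALICE,10.1.4.22
2024-03-04T09:05:40,bob,tok-b7,LAPTOP-BOB,10.1.4.31
2024-03-04T13:15:03,alice,tok-a1,LAPTOP-ALICE,10.1.4.22
2024-03-05T02:41:55,alice,tok-a1,DESKTOP-X9,203.0.113.50
2024-03-05T02:44:10,alice,tok-a1,DESKTOP-X9,203.0.113.50
2024-03-05T08:58:30,bob,tok-b7,LAPTOP-BOB,10.1.7.90
2024-03-05T09:01:10,carol,tok-c3,LAPTOP-CAROL,10.1.4.40
"""


def find_token_reuse(log_text):
    """Flag sync tokens that show up on a device other than the first one seen.

    Assumes each token is issued to a single device, so a second device id
    presenting it suggests the synchronization information was copied.
    A change of IP alone is not flagged, because laptops move between networks.
    """
    rows = [r for r in csv.reader(io.StringIO(log_text)) if len(r) == 5]
    rows.sort(key=lambda r: r[0])      # ISO 8601 timestamps sort chronologically
    first_device = {}                  # token -> device id that first used it
    already_alerted = set()            # (token, device) pairs reported once
    alerts = []
    for ts, user, token, device, ip in rows:
        known = first_device.setdefault(token, device)
        if device != known and (token, device) not in already_alerted:
            already_alerted.add((token, device))
            alerts.append({"time": ts, "user": user, "token": token,
                           "known_device": known, "new_device": device,
                           "source_ip": ip})
    return alerts


if __name__ == "__main__":
    for alert in find_token_reuse(SAMPLE_LOG):
        print("ALERT: token {token} of {user} first seen on {known_device}, "
              "now used from {new_device} ({source_ip}) at {time}".format(**alert))
```

In the constructed sample only Alice's token triggers an alert; Bob's change of IP address on the same laptop does not.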


Ryan Lahti is the founder and managing principal of OrgLeader, LLC. Stay up to date on Ryan’s STEM-based organization tweets here: @ryanlahti

(Photo: Michelin Man in the Sky, Flickr)