Talk about The Man Upstairs wielding a lot of power.
Or in this case, the man hiding in the cloud.
In a new report, California-based cyber-security provider Imperva warms of increasingly prevalent and dangerous “man-in-the-cloud” attacks that can give hackers access to files stored in the cloud via commonly used synchronization services.
Imperva recently presented its August Hacker Intelligence Initiative Report, entitled “Man in the Cloud Attacks,” and it tells an illuminating and concerning story to those who read it.
According to the report, such stealth attacks are based on theft of the account holder’s password token. And at their most successful and brutal, these attacks can take advantage of and compromise most file synchronization services – including Dropbox, Google Drive, and Microsoft OneDrive. Without using any exploits, these attacks can transform such services from helpful tools into devastating weapons.
What makes these attacks even more disconcerting, per the report, is that they are not easily detected by common security measures. Because these stolen-password attacks don’t require the user’s account or password to be compromised at all, changing the passwords will not affect the attacker’s access. Once they’re in, they’re in.
In the words of the report’s researchers and authors:
“Recovery of the account from this type of compromise is not always feasible.”
To guard against these man-in-the-cloud attacks, Imperva recommends that businesses and other enterprises invest wisely in monitoring and protecting critical data – both on-premises and in the cloud – in order to detect any abusive access patterns. A cloud access security broker, along with data and file activity monitoring solutions, can provide the information and protection needed.
“We encourage enterprises to shift the focus of their security effort from preventing infections and endpoint protection to securing their business data and applications at the source,” said the Imperva authors of the report.
The report also points out that the token can only be exploited upfront by executing a “Switcher” – usually either by social engineering or malware – to copy the synchronization token into the cloud storage application.
“Our research has revealed just how easy it is for cyber criminals to co-opt cloud synchronization accounts, and how difficult it is to detect and recover from this new kind of attack,” said Imperva CTO Amichai Shulman.
The hard truth today is that it’s a complex, fast-moving and increasingly security-challenged world out there. To best prepare your business or organization to ward off the inevitable attack – whether it comes from a man in the cloud or a man in some far-flung location here on earth – you need to arm yourself with reliable, experienced and professional tech help.
Here at Be Different Solutions, we’re ready to put you in touch with tech help that makes a real difference. All our people (who can soon be your people too) are located in one of our two Europe- or U.S.-based offices. They’re not only dedicated, driven, experienced and reliable, but they are proficient in conversational English.
Contact us now to see how we can help you continue to prepare your business for success, safety and growth – both now and well into the future.