Anurag Kahol, CTO, Bitglass

authentication is completed. This is done to improve usability – users don’t have to enter their password every time they attempt to access an app if they have an OAuth token. However, the ‘anytime, anywhere’ nature of cloud services means that the same token can grant access from any device. As such, if an attacker can access and copy a token, he or she can infiltrate the victim’s cloud remotely – in a manner that appears genuine and bypasses security measures.

The research team that first discovered MitC attacks, Minerva, found that social engineering was the easiest way to get access to a token. This involves tricking the victim into running purpose-built malware tools, such as Switcher, that are usually distributed via email. Once executed on the victim’s device, this malware installs a new token (belonging to a new account that the attacker created) and moves the victim’s real token into a cloud sync folder. Then, when the victim’s device next syncs, it syncs the victim’s data to the attacker’s account instead of the victim’s. So how do you know when there is a man in your cloud? Unfortunately, adding to the malicious intent of the attack, the original account token is revealed to the attacker. It is at this point of the attack that the Switcher can be used to copy the original account token back to the victim’s machine and erase the malicious one, removing all traces of the security breach and leaving the attacker with full access to the victim’s account on any device.

The nature of the MitC attack makes it very difficult to prevent with conventional security measures such as endpoint and perimeter protection. Businesses should instead prepare to significantly minimise (or even eliminate) the chance of having a man in their cloud in the first place.

Four steps to protect against MitC attacks:

1. Keep cloud data under lock and key with encryption
Encryption cannot prevent a business from being a victim of attack; however, it can minimise the data breaches that could take place in the aftermath. Provided the encryption keys are not also stored within the targeted cloud service, any data accessed through an MitC attack would remain encrypted to the attacker. This means that the stolen information would be indecipherable and unusable to the malicious party.

2. Nothing less than two-factor authentication
A simple but effective way to help minimise the threat of MitC attacks is multi-factor authentication (MFA). This is available with leading cloud services like Office 365, as well as specialised security solutions built to verify users’ identities across all of an organisation’s cloud-based resources. It adds an extra layer of security that can easily thwart an MitC attacker who doesn’t have the ability to authenticate beyond an OAuth token.

3. Hire a traffic warden (cloud access security broker)
Deploying a cloud access security broker (CASB) is one of the most comprehensive ways to protect against threats like MitC attacks. CASBs intermediate all traffic between an organisation’s cloud apps and endpoint devices – they automatically replace each app’s OAuth tokens with encrypted tokens before delivering them to endpoints. As a device attempts to access a cloud app, the unique, encrypted token is presented to the CASB, which decrypts it and passes it along to the app. Consequently, if a user’s token were to be replaced with a hacker’s, then the malicious token would fail validation and decryption at the proxy, denying access to the intended victim’s account and nullifying the attack.

4. Consistent and regular security training
This is one of the most effective security measures – it is also one of the simplest and is often overlooked. MitC attacks rely on social engineering to be successful. But a well-trained, security-vigilant employee is far less likely to click on a malicious link or a suspect attachment inside of a phishing email. Every organisation should be security conscious and conduct regular training sessions with its employees to ensure they know the tell-tale signs of an attempted attack.
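
The token replacement described in step 3, as an added example that is not from the article or from any CASB product: a broker wraps the app's real OAuth token before it reaches the endpoint and rejects anything it did not issue. `TokenBroker`, `wrap`, `unwrap` and the sample tokens are hypothetical, and the HMAC-based keystream is a standard-library stand-in for a real AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

class TokenBroker:
    """Hypothetical CASB-style proxy; endpoints only ever hold wrapped tokens."""

    def __init__(self):
        # Keys live on the broker only, never on endpoints or in the cloud app.
        self._enc_key = secrets.token_bytes(32)
        self._mac_key = secrets.token_bytes(32)

    def _keystream(self, nonce, length):
        # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD cipher.
        blocks = (hmac.new(self._enc_key, nonce + i.to_bytes(4, "big"),
                           hashlib.sha256).digest()
                  for i in range(length // 32 + 1))
        return b"".join(blocks)[:length]

    def wrap(self, oauth_token):
        """Encrypt-then-MAC the app's real token before it reaches the endpoint."""
        nonce = secrets.token_bytes(16)
        plain = oauth_token.encode()
        cipher = bytes(a ^ b for a, b in zip(plain, self._keystream(nonce, len(plain))))
        tag = hmac.new(self._mac_key, nonce + cipher, hashlib.sha256).digest()
        return (nonce + cipher + tag).hex()

    def unwrap(self, presented):
        """Return the real token, or None if validation fails at the proxy."""
        try:
            raw = bytes.fromhex(presented)
        except ValueError:
            return None  # not something this broker issued
        if len(raw) < 48:  # 16-byte nonce plus 32-byte tag at minimum
            return None
        nonce, cipher, tag = raw[:16], raw[16:-32], raw[-32:]
        expected = hmac.new(self._mac_key, nonce + cipher, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        return bytes(a ^ b for a, b in zip(cipher, self._keystream(nonce, len(cipher)))).decode()

def demo():
    # Constructed sample tokens, not real credentials.
    real, planted = "victim-oauth-token-1234", "attacker-oauth-token-9999"
    broker = TokenBroker()
    on_endpoint = broker.wrap(real)
    flipped = on_endpoint[:-1] + ("0" if on_endpoint[-1] != "0" else "1")
    return {"legit": broker.unwrap(on_endpoint),
            "planted": broker.unwrap(planted),
            "tampered": broker.unwrap(flipped),
            "endpoint_holds_real_token": on_endpoint == real}
```

A token planted on the endpoint from another account, or a wrapped token that has been altered, comes back as `None`, so the broker has nothing to forward to the cloud app.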

Cloud usage in the workplace is only going to continue to grow as one of the preferred business services and, as with so many technologies, security risks are inevitable. But it’s how you mitigate the risk that’s important. In the case of MitC attacks, they are designed to give the hacker access to sensitive information by exploiting the ‘anytime, anywhere’ data access provided by the cloud. Even though detecting MitC threats with conventional security tools is virtually impossible, the risk of these attacks should not put businesses off using cloud services – organisations are not defenceless. Regular employee training, when combined with security measures like encryption, two-factor authentication and CASBs, can provide an extremely robust defence against MitC attacks and countless other threats. In the modern business world, effective security isn’t a luxury – it’s a necessity. Any organisation that fails to remain prepared will inevitably suffer a breach.

INTELLIGENTCIO