Dropbox and Others Not Prepared for Man-in-the-Cloud Attacks

By Denise Sullivan — Last Updated: 06 Aug'15

A new report shows the cloud may not be as secure as users hope, because a new attack known as Man-in-the-Cloud is compromising consumer information. The scary part is that it may be happening without anyone's knowledge.


A Man-in-the-Cloud attack is very similar to the famous “man-in-the-middle” assault hackers tend to use. However, instead of intercepting information as it passes between two servers, intruders gain access by grabbing the password token that is located on the user’s hard drive.

Man-in-the-Cloud Attack Targets Dropbox and Other Off-site Accounts

This token is obtained through either a “drive-by” exploit or a phishing attack. Regardless of how hackers acquire it, they can then use it to fool the user’s account into thinking that their system is the owner’s.

Once inside, the attacker can take information or even plant malware within the drive without anyone’s knowledge.


Despite additional protections offered by companies such as Dropbox, researchers indicate that users are not utilizing those protections as they should. The cloud storage giant offers two-step authentication and alerts that tell a customer when a new system accesses their account. Sadly, many people ignore these warnings.

According to Amichai Shulman, Imperva’s chief technology officer, there is a reason to be alarmed.

“We should be really worried about this. Attackers are looking at methods of being less detectable. But the reality is that it’s already happening.”

Dropbox Assures Files Are Safe

Despite the warnings, Dropbox claims that their users should have no worries. In an interview with CSO Online, the head of Trust and Security Patrick Heim says that the company has features in place to protect their customers.


Heim does acknowledge there is a trade-off in security by sharing information. However, he claims that the company has minimized that gap by offering document-level control.

Despite the new Man-in-the-Cloud assaults, Dropbox insists that their service is much safer than keeping files on site.

“The big challenge organizations have, when you look at some of these breaches, is they’re not able to scale up to secure the really complicated in-house infrastructures they have.”

At this time, neither Dropbox nor any of its representatives has spoken about the newest Man-in-the-Cloud attacks. The company has also not commented on any additional methods available, other than those already mentioned, to help consumers keep their information from falling prey to this type of assault.

Online Storage

Man-in-the-Cloud is the newest insidious way for hackers to take control of information not belonging to them and it can happen to any cloud storage provider. Changing passwords does not help prevent this type of attack, even if users do not ignore the alerts sent to them.

We would like to know what you think about this attack and what Dropbox is doing to help customers.
