According to Imperva’s recent Hacker Intelligence Initiative report on the "Man-in-the-Cloud Attack", popular cloud storage services such as Google Drive and Dropbox can be abused by malicious hackers. By reconfiguring common file synchronization services, they can use them for command and control (C&C) communications, remote access, data exfiltration and endpoint hacking. Attackers don’t even need to compromise targeted users’ credentials to gain access to their file synchronization accounts.
To manage files easily, many popular applications don’t require users to enter their account credentials each time synchronization is performed. Instead, authentication to the cloud relies on a synchronization token that is usually stored in a file, the registry, or the Windows Credential Manager on the user’s machine.
The problem, according to the report, is that even though this synchronization token is encrypted on the local device, it can be easily accessed and decrypted by an attacker. Malicious hackers can synchronize their own devices with the victim’s account simply by copying this token to the right place on their own system.
Imperva advises organizations to mitigate such attacks by using a Cloud Access Security Broker (CASB) solution that monitors access to and usage of enterprise cloud services by enterprise users. Organizations can also deploy controls such as database activity monitoring (DAM) and file activity monitoring (FAM) around their business data resources, and identify abnormal and abusive access to the data.
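As an added illustration of the monitoring described above (not code from Imperva's report or any CASB product), the following Python sketch flags a synchronization token that appears on a second device. The log schema, field names and sample events are constructed for this example, and it assumes the service issues one token per enrolled device.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical CASB export format:
# timestamp, account, token_id (identifier of the sync token), device_id, source_ip
SAMPLE_EVENTS = """\
2024-01-10T09:00:12,alice@example.com,tok-a1,LAPTOP-ALICE,203.0.113.10
2024-01-10T09:05:40,bob@example.com,tok-b7,DESKTOP-BOB,203.0.113.22
2024-01-10T09:20:03,alice@example.com,tok-a1,LAPTOP-ALICE,203.0.113.10
2024-01-10T09:21:47,alice@example.com,tok-a1,UNKNOWN-HOST,198.51.100.77
2024-01-11T08:58:30,bob@example.com,tok-b9,DESKTOP-BOB,203.0.113.22
"""


def find_shared_tokens(log_text, window=timedelta(hours=24)):
    """Alert when a token already used by one device shows up on a new one.

    Assumption: the service issues one sync token per enrolled device, so a
    token presented by a second device inside `window` suggests it was copied.
    """
    last_seen = defaultdict(dict)  # (account, token_id) -> {device_id: last use}
    alerts = []
    rows = [row for row in csv.reader(io.StringIO(log_text)) if row]
    for ts, account, token_id, device_id, source_ip in sorted(rows):
        when = datetime.fromisoformat(ts)
        devices = last_seen[(account, token_id)]
        # Other devices that used this same token recently.
        recent_others = sorted(d for d, seen in devices.items()
                               if d != device_id and when - seen <= window)
        if recent_others and device_id not in devices:
            alerts.append({
                "time": ts,
                "account": account,
                "token_id": token_id,
                "new_device": device_id,
                "source_ip": source_ip,
                "known_devices": recent_others,
            })
        devices[device_id] = when
    return alerts


if __name__ == "__main__":
    for alert in find_shared_tokens(SAMPLE_EVENTS):
        print(alert)
```

A token that is rotated on the same device, as in the constructed events for the second account, does not raise an alert because the device stays the same while the token changes.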
by Tapasi Chavan