Man in the Cloud (MITC) Attacks

deanwebb · September 15, 2015, 09:39:38 AM

Yes, it's true.

https://www.imperva.com/docs/HII_Man_In_The_Cloud_Attacks.pdf

Big takeaway: Because MITC attacks are done through cloud sync protocols, perimeter and IPS won't catch them. Behavior analysis and intellectual property security have to be used to detect and respond to these bad boys.

wintermute000 · September 19, 2015, 06:05:07 AM

what, no netskope hype to follow up? (but seriously, thanks, that is an interesting PDF).

deanwebb · September 19, 2015, 08:44:51 AM

It's another example of developers wanting to make something work as quickly and easily as possible without giving a thought to how crappy the security of the whole thing is.

To be sure, making it more secure would also make it much harder to use... the most popular cloud storage service, therefore, would also be the one most easy to exploit.

wintermute000 · September 20, 2015, 05:51:38 AM

CASB (Cloud Access Security Broker)
woohoo acronyms + yet another thing to learn + yet another hidden cost of doing business when you decide to put your servers somewhere else, oh I mean CLOUD lol

deanwebb · September 21, 2015, 08:07:41 PM

My video on the topic...

https://www.youtube.com/watch?v=8IzqgNY9kr4

RHochstenbach · October 02, 2015, 07:54:12 AM

Those cloud services were designed for home users allowing them to share their vacation photos. Those haven't been (publicly) audited to use in a business environment. As a security manager, I get scared when management comes up with the idea of using Dropbox or Google Drive to share sensitive files. Call me old-fashioned, but I still prefer local storage. An audited private cloud might be an alternative.

deanwebb · October 02, 2015, 08:11:16 AM

Even then, with weak mechanisms for security, a person on the inside could intercept flows from individuals that handle sensitive documents and evade normal security, even what would be a sophisticated intellectual property management system, as the copies he'd receive would be seen as legitimate traffic for him accessing a cloud share that he's supposedly got permission to access... we'd have to have local file monitoring, and I'm sure the client boys are just *dying* to have one more agent to install locally.

icecream-guy · October 02, 2015, 11:04:35 AM

5 years ago the current administration but for a government cloud adoption plan, surprisingly, the adoption has not been very good, but according to this article here

http://www.networkworld.com/article/2988229/cloud-computing/government-cloud-adoption-efforts-lag-as-security-concerns-persist.html

it's completely safe, even making it MORE secure than hosting services in house.