One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them.
What is a MitC attack?
To gain access to cloud accounts, MitC attacks take advantage of the OAuth synchronisation token system used by cloud applications. The majority of popular cloud services – Dropbox, Microsoft OneDrive, Google Drive, and more – each save one of these tokens on a user’s device after initial authentication is completed. This is done to improve usability – users don’t have to enter their password every time they attempt to access an app if they have an OAuth token.
However, the anytime, anywhere nature of cloud services means that the same token can grant access from any device. As such, if an attacker can access and copy a token, she or he can infiltrate the victim’s cloud remotely – in a manner that appears genuine and bypasses security measures.
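The property described above, that a synchronisation token is not bound to the device it was issued to, is also what a defender can look for: a token that is legitimately tied to one sync client should not be presented by a second device. The script below is an added example and is not part of the original article; it assumes a cloud service or CASB exports per-request logs carrying a (hashed) token identifier, a client or device identifier and a source IP, and the log lines, field names and token identifiers are all constructed for illustration. It flags any token presented by more than one device within a time window, which tolerates a laptop roaming between networks while still catching the same token appearing on an unexpected second client.

```python
"""Detect cloud synchronisation tokens presented by more than one device.

Added example, not the article's own code. Assumes per-request cloud
access logs with: timestamp, user, token id (hashed), device id, source IP.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical field layout, not a real product format).
SAMPLE_LOG = """\
2024-05-01T08:00:12Z alice tok_a1 dev-laptop-01 203.0.113.10
2024-05-01T08:05:40Z alice tok_a1 dev-laptop-01 203.0.113.10
2024-05-01T08:07:03Z alice tok_a1 dev-unknown-77 198.51.100.23
2024-05-01T09:15:00Z bob tok_b9 dev-desktop-04 203.0.113.11
2024-05-01T12:30:00Z bob tok_b9 dev-desktop-04 203.0.113.11
2024-05-02T10:00:00Z carol tok_c3 dev-phone-02 192.0.2.5
2024-05-02T10:30:00Z carol tok_c3 dev-phone-02 192.0.2.5
2024-05-02T10:31:00Z carol tok_c3 dev-laptop-09 192.0.2.5
"""


def parse_log(text):
    """Parse whitespace-separated log lines into event dicts, skipping blanks."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, token, device, ip = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user,
            "token": token,
            "device": device,
            "ip": ip,
        })
    return events


def find_shared_tokens(events, window=timedelta(hours=1)):
    """Return {token: sorted [(device, ip), ...]} for every token that was
    presented by two different device ids within `window` of each other.

    Comparing device ids rather than IPs means a single client changing
    networks is not flagged, but the same token on a second client is.
    """
    by_token = defaultdict(list)
    for e in events:
        by_token[e["token"]].append(e)

    flagged = {}
    for token, evs in by_token.items():
        evs.sort(key=lambda e: e["ts"])
        for i, a in enumerate(evs):
            for b in evs[i + 1:]:
                if b["ts"] - a["ts"] > window:
                    break  # events are sorted, nothing later is in the window
                if a["device"] != b["device"]:
                    flagged.setdefault(token, set()).update(
                        {(a["device"], a["ip"]), (b["device"], b["ip"])}
                    )
    return {t: sorted(s) for t, s in flagged.items()}


if __name__ == "__main__":
    for token, clients in find_shared_tokens(parse_log(SAMPLE_LOG)).items():
        print(f"{token}: presented by {len(clients)} clients")
        for device, ip in clients:
            print(f"    {device} from {ip}")
```

On the constructed log, `tok_a1` is flagged because an unfamiliar device presents alice's token seven minutes after her laptop did, and `tok_c3` is flagged because two of carol's devices share one token; `tok_b9` is never flagged since it only ever appears from one device. A hit is a trigger for revoking that token and re-authenticating the user, not proof of compromise on its own.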