Man-in-the-cloud attack could hit leading cloud firms

Box, Google Drive, Dropbox and Microsoft OneDrive are all at risk from a man-in-the-cloud cyber attack that can lie completely undetected.

First reported by V3, research firm Imperva told the Black Hat security conference that some of the largest cloud-based firms on the planet are vulnerable to attacks that wouldn't even need a username or password to be carried out.

It claims that data could easily be accessed in this way and that by getting hold of a user authentication token, attackers can pilfer data and bring malware or ransomware along for the ride inside any account.

"From an attacker's point of view, there are advantages in using this technique. Malicious code is typically not left running on the machine, and the data flows out through a standard, encrypted channel. In the MITC attack, the attacker does not compromise explicit credentials," the firm stated.

Businesses at risk

The technique involves inserting a tool called Switcher into the system by using a malicious email attachment or drive-by download that utilises a flaw in browser plugins. The way it works means that users that don't regularly check their account won't notice it is there and sometimes the only option is to delete the account as the hacker key could remain in place regardless of whether the password is changed.

Businesses also need to be careful of the risks that come from this flaw and should take steps to make sure the vulnerability cannot affect their organisation, especially those that rely on malicious code detection and control communication detection to protect against attacks.