FEATURE: THREAT ANALYSIS
Protecting against a ‘Man in the Cloud’ (MitC) attack

Enterprises have no choice but to conform to the necessity of protecting
their networks against potential cyberattacks in the digital era. Anurag
Kahol, CTO, Bitglass, offers his best practice advice for businesses to
take the right steps for ensuring protection from MitC attacks.

The popularity of the cloud is undeniable and its usage is
increasing every day. The International Data Corporation
(IDC) recently forecast that worldwide public cloud spending
will reach US$210 billion in 2019 – an increase of over 23.8%
from 2018. With growth like this, however, it is unsurprising that malicious
entities have taken note, giving rise to a new breed of cyberattack.

Man in the Cloud, or MitC, attacks have become more prevalent in
recent years as the use of the cloud grows in popularity. This attack aims
to access its victims’ accounts without the need to obtain compromised
user credentials beforehand. But what is an MitC attack? How do I know
if there is a man in my cloud? And how can I stop him from getting in?

MitC’s anatomy
MitC attacks take advantage of the OAuth synchronisation token
system used by cloud applications to gain access to cloud accounts.
Popular cloud services – Dropbox, Microsoft OneDrive, Google Drive and
more – each save one of these tokens on a user’s device after initial
www.intelligentcio.com
INTELLIGENTCIO