In the MITC attack, the attacker does not compromise explicit credentials (e.g., account name and password) of the victim. These MITC attacks rely on common file synchronization services (such as GoogleDrive and Dropbox) as their infrastructure for command and control (C&C), data exfiltration, and remote access. Without using any exploits, Minerva security researchers show how simple re-configuration of these services can turn them into a devastating attack tool that is not easily detected by common security measures.
Imperva MITC report is available here – http://www.imperva.com/docs/imperva_Hacker_Intelligence_Initiative_No22_Jul2015_v1d.pdf
