File synchronization services can be easily turned into an infrastructure for endpoint compromise

In the MITC attack, the attacker does not compromise explicit credentials (e.g., account name and password) of the victim. These MITC attacks rely on common file synchronization services (such as GoogleDrive and Dropbox) as their infrastructure for command and control (C&C), data exfiltration, and remote access. Without using any exploits, Minerva security researchers show how simple re-configuration of these services can turn them into a devastating attack tool that is not easily detected by common security measures.

Imperva MITC report is available here – http://www.imperva.com/docs/imperva_Hacker_Intelligence_Initiative_No22_Jul2015_v1d.pdf

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top