Do you use public file synchronization services like Google Drive and Dropbox to store your data (think of those Excel spreadsheets you're downloading from your Dynamics GP)? If so, that's not very surprising, considering they are usually free and easy to use. What you may not know is just how unsafe a storage place these can be for your data and, in turn, how they could make you a victim of the daunting Man in the Cloud attack.
Why are public file services so dangerous?
They are dangerous because anyone can access them, meaning hackers can get in there just as easily as you can and attack your files. The most recent attack is called Man in the Cloud, and it works like this:
- You store a OneDrive/Google Drive file on your computer.
- The service then creates a small file called a token that maps a folder on your computer to your account on OneDrive.
- The hacker sends you a link to a malicious website or uses social engineering tools to convince you to replace your token with one that substitutes their account for yours.
- The hacker now has access to your file sharing account, where they can steal and replace files or, worse, plant malicious code into existing files.
Why are Man in the Cloud attacks successful?
These attacks are successful because the services involved are publicly accessible rather than running in a secured private cloud. Private cloud hosting providers, like Myappsanywhere, protect your data before attackers even have the chance to reach it. Running your Dynamics GP and CRM business applications in the private cloud gives you the freedom to know your files are safe and constantly checked by a set of monitoring controls. Man in the Cloud cannot get past these cyber security checkpoints the way it can when it's targeting machines with public sharing services. For example, if you are using Dropbox and change your password thinking you are secure, you are not, because the tokens are not refreshed or revoked. Man in the Cloud does not just attack your machine, but also those of your coworkers who are in the encrypted channel running the same file synchronization system. In short, you've just infected your entire company.
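As an added example (not code from this article or from any sync vendor), the sketch below shows two checks a defender could run for the behaviour described above: a sync folder rebound to a different account with no login for that account, and tokens that are still active after a password change. The event and token records are constructed sample data, and every field and function name is a hypothetical assumption.

```python
from datetime import datetime

# Constructed sample data; field names are hypothetical, not a vendor schema.
SYNC_EVENTS = [  # (timestamp, host, event type, account)
    ("2024-03-01T09:00", "ws-01", "login", "alice@example.com"),
    ("2024-03-01T09:01", "ws-01", "token_bound", "alice@example.com"),
    ("2024-03-05T14:20", "ws-01", "token_bound", "drop@example.net"),  # no login first
    ("2024-03-02T08:00", "ws-02", "login", "bob@example.com"),
    ("2024-03-02T08:01", "ws-02", "token_bound", "bob@example.com"),
    ("2024-03-06T08:00", "ws-02", "login", "bob.new@example.com"),
    ("2024-03-06T08:02", "ws-02", "token_bound", "bob.new@example.com"),
]
TOKENS = [  # (account, device, issued, still_active)
    ("alice@example.com", "ws-01", "2024-03-01T09:01", True),
    ("alice@example.com", "phone", "2024-03-07T10:00", True),
    ("bob@example.com", "ws-02", "2024-03-02T08:01", False),
]
PASSWORD_CHANGES = {"alice@example.com": "2024-03-06T12:00"}

def ts(value):
    return datetime.fromisoformat(value)

def find_token_swaps(events):
    """Flag hosts whose sync folder is rebound to a different account
    without an interactive login for that account on the same host."""
    bound, logged_in, alerts = {}, set(), []
    for when, host, kind, account in sorted(events, key=lambda e: ts(e[0])):
        if kind == "login":
            logged_in.add((host, account))
        elif kind == "token_bound":
            previous = bound.get(host)
            if previous and previous != account and (host, account) not in logged_in:
                alerts.append((host, previous, account, when))
            bound[host] = account
    return alerts

def tokens_surviving_password_change(tokens, password_changes):
    """List active tokens issued before the account's latest password change."""
    stale = []
    for account, device, issued, active in tokens:
        changed = password_changes.get(account)
        if active and changed and ts(issued) < ts(changed):
            stale.append((account, device))
    return stale

if __name__ == "__main__":
    print(find_token_swaps(SYNC_EVENTS))
    print(tokens_surviving_password_change(TOKENS, PASSWORD_CHANGES))
```

Any token the second check returns should be revoked explicitly, since the password change alone did not end that session.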
The Man in the Cloud attack is a proof-in-the-pudding case of why public cloud services can be dangerous. If you’re in the cloud, be sure your Dynamics applications and business files run through a hosted private cloud before you become the next Man in the Cloud victim.