One malicious tactic that has become quite prevalent in recent years is known as a ‘man in the cloud’ (MitC) attack. This attack aims to access victims’ accounts without the need to obtain compromised user credentials beforehand. Below, this article explains the anatomy of MitC attacks and offers practical advice about what can be done to defend against them.
What is MitC attack?
To gain access to cloud accounts, MitC attacks take advantage of the OAuth synchronisation token system used by cloud applications. The majority of popular cloud services – Dropbox, Microsoft OneDrive, Google Drive, and more – each save one of these tokens on a user’s device after initial authentication is completed.
