Hackers don’t even need your password anymore to get access to your cloud data.
Newly published research, released at the Black Hat conference in Las Vegas on Wednesday by security firm Imperva, shows how a “man-in-the-cloud” attack can grab cloud-based files — as well as infecting users with malware — without users even noticing.
A self-described security “amateur” discovered hundreds of Internet-connected devices ranging from cameras to industrial control systems that were connected to the Internet without even basic password protection — meaning they could be easily turned on and off or otherwise manipulated with a single click of a mouse.
“You would be amazed [what] you could find….”
The fact that a company stores its data on a server that is located in a foreign country is unlikely to excuse compliance with document requests directed at the U.S. company in a civil action or regulatory inquiry in the U.S.
Robert Siciliano, identity theft expert, discusses how to protect your data in the cloud….