How safe is cloud storage?

Nasher · 16 Mar 2019 at 17:48

Network storage can still be infected if someone accesses it from an infected PC.

When we got hit about 2 years ago documents on network storage got encrypted too. But we separate different departments/buildings in to separate VLANs, DFS folders and set permissions properly, so we just wiped the area which got infected and restored from tape.

Em3bbs · 16 Mar 2019 at 17:50

Nasher said:
But you still don't know who they are or if you can trust them with your data.

I know a guy who was part of government penetration testing team, his favorite tactic was to get a job as a cleaner or other low level staff, or simply blag his way in (it's surprising how many people will simply hold the door open for a guy in a suit or hi-vis). Then start planting keyloggers and wifi devices to harvest passwords. They didn't even know he was in until he revealed himself. Didn't need any keys or special passes, just a login for their network and made his way from there. From outside the building.

How would that help getting access to something like Dropbox etc? Staff at cloud companies don't log on to customer accounts.

Nasher · 16 Mar 2019 at 17:54

Em3bbs said:
How would that help getting access to something like Dropbox etc? Staff at cloud companies don't log on to customer accounts.

But they probably have a way to get in to it. An attacker would look to access servers with a domain admin account, you can do anything from there.

It's not uncommon for data to get stolen in hacks like this. We hear about it all the time in the news.

Em3bbs · 16 Mar 2019 at 17:59

Nasher said:
But they probably have a way to get in to it. An attacker would look to access servers with a domain admin account, you can do anything from there.

That wouldn't be a possible situation in any credible cloud storage company. A domain admin account wouldn't be able to anything like that.

Nasher · 16 Mar 2019 at 18:00

Em3bbs said:
That wouldn't be a possible situation in any credible cloud storage company. A domain admin account wouldn't be able to anything like that.

You can do it on any windows domain. A domain admin can do anything. Change any configurations, make servers, delete logs, etc. Which is why you don't just give them to anyone.

Em3bbs · 16 Mar 2019 at 18:01

Nasher said:
You can do it on any windows domain.

We're talking about accessing secure data on a customer's cloud storage here, not a windows file server.

Nasher · 16 Mar 2019 at 18:02

Em3bbs said:
We're talking about accessing secure data on customer's cloud storage here, not a windows file server.

Which is probably hosted by either a Windows or Linux machine linked to SAN storage.

Em3bbs · 16 Mar 2019 at 18:03

Nasher said:
Which is probably hosted by either a Windows or Linux machine linked to SAN storage.

I said credible cloud storage company.

Nasher · 16 Mar 2019 at 18:05

Em3bbs said:
I said credible cloud storage company.

They are all like that, how do you think systems like Onedrive are set up? It's Windows based and is hosted by windows servers. Any experienced Windows expert will be able to find their way around it once in.

A hacker could e.g. start opening VPN tunnels and go right through their firewall. Then siphon off data (which is what does happen). Not much of a risk for average Joe as it takes a lot of effort, but a high profile company yes. Sony got hacked by someone who just walked in to the building and went to work from the inside.

Em3bbs · 16 Mar 2019 at 18:25

Nasher said:
They are all like that, how do you think systems like Onedrive are set up? It's Windows based and is hosted by windows servers. Any experienced Windows expert will be able to find their way around it once in.

A hacker could e.g. start opening VPN tunnels and go right through their firewall. Then siphon off data (which is what does happen). Not much of a risk for average Joe as it takes a lot of effort, but a high profile company yes. Sony got hacked by someone who just walked in to the building and went to work from the inside.

I know how systems like Onedrive are set up, and there isn't a way for someone on the 'inside' to go to a folder called 'Customer Drives' and then look for a folder called 'Sony'. It just doesn't work like that.

A much better attack vector if you are going after a particular firm is to work on the inside of *that* firm, as you mention, but not the cloud hosting company they use.