DSC Switzerland

Say What?! You Should Know About Living off the Cloud Attacks

Register

Date

September 5th, 2023

Time

4pm CEST

Location

Virtual

play_circle

Questions? Join the conversation on Discord channel #devsecon-discussions-ūüó£

About the event:

Join us for our upcoming DevSecCon Switzerland event where we will dive deep into the world of cloud security. Get ready to explore the intriguing talk titled¬†“Say What?! You Should Know About Living off the Cloud Attacks.”¬†Discover the common pitfalls in cloud-based security, uncover the hidden vulnerabilities, and learn effective detection and prevention strategies. Don’t miss out on this insightful session that promises to enhance your understanding of cloud security risks. See you at DevSecCon Switzerland!

Location (Vurtual): https://www.youtube.com/live/amTiC5y_SwY

Say What?! You Should Know About Living off the Cloud Attacks

Companies migrating to the cloud underestimate attackers, thinking that they probably run and maintain their own servers for attacking. That narrative leads companies to basing most of their security on IP-feeds. The misconception of allowing trusted cloud applications continues, even though the cybersecurity industry has been aware of the threats it presents for more than a decade: in 2009, researchers revealed the usage of Twitter as a C2. 13 years have passed, but the lesson has not been learned: last April, researchers identified that APT29 was using cloud platforms as both a C2 server and a destination for data exfiltration.

This session will review common cloud-based attacks and why (and where) detection usually fails. Next we will perform a live demo to showcase how malware communicates over API. You will come away from this session with a good understanding of how attacks on these cloud services can be carried out, and the detection and prevention of such attacks.

Join the Community!
If you haven’t joined the Discord community, please do so! You can find us on Discord at:¬†https://devseccon.io/discordcommunity

Avishay Zawoznik

Security Research Manager at Cato Networks

About Avishay Zawoznik

Avishay Zawoznik manages the content group in Cato’s security research department, carrying ten years of experience in different fields of network and web security. Avishay specializes in network-based and application-based attack research, keeping up with the latest security publications, analyzing and implementing ways to detect and mitigate potential threats, focusing on a data-oriented approach provided by Cato’s cloud network, and looking at variants of exploits seen in the wild.

We use cookies to ensure you get the best experience on our website.Read Privacy Policy
close