
DSC Switzerland

Say What?! You Should Know About Living off the Cloud Attacks

with Avishay Zawoznik

Description:

Companies migrating to the cloud underestimate attackers, assuming that attackers run and maintain their own servers for their attacks. That narrative leads companies to base most of their security on IP feeds. The misconception that trusted cloud applications can simply be allowed persists, even though the cybersecurity industry has been aware of the threats it presents for more than a decade: in 2009, researchers revealed the use of Twitter as a C2. 13 years have passed, but the lesson has not been learned: last April, researchers identified that APT29 was using cloud platforms as both a C2 server and a destination for data exfiltration.

This session will review common cloud-based attacks and why (and where) detection usually fails. Next, we will perform a live demo to showcase how malware communicates over an API. You will come away from this session with a good understanding of how attacks on these cloud services can be carried out, and of how such attacks can be detected and prevented.

Join the Community!

If you haven’t joined the Discord community, please do so! You can find us on Discord at: https://devseccon.io/discordcommunity

 

Tags:

APICommunication
CloudSecurity
CybersecurityThreats
DataExfiltrationDetection

Avishay Zawoznik

Security Research Manager at Cato Networks

About Avishay Zawoznik

Avishay Zawoznik manages the content group in Cato’s security research department, carrying ten years of experience in different fields of network and web security. Avishay specializes in network-based and application-based attack research, keeping up with the latest security publications, analyzing and implementing ways to detect and mitigate potential threats, focusing on a data-oriented approach provided by Cato’s cloud network, and looking at variants of exploits seen in the wild.
