DeepSec 2024 Talk: Navigating the Storm: Emerging Threats in AWS Cloud Security – Miguel Hernández & Alessandro Brucato

Sanna / September 16, 2024 / Conference

As cloud adoption speeds up, so too does the sophistication of attacks targeting cloud infrastructure. Our talk delves into the evolving landscape of AWS security, focusing on the burgeoning threat of crypto mining. We’ve witnessed a significant shift in the tactics, techniques, and procedures (TTPs) used by attackers. This session will uncover the latest trends in cloud security, spotlighting new threat groups and their innovative methods for abusing AWS services.

Attendees will learn about real-world threats involving AWS resources. We will explore the intricate ways these attackers infiltrate and collaborate with other groups in a large black market for credentials. Our discussion will also cover proactive strategies for detection and mitigation, empowering security professionals to safeguard their cloud infrastructure against these evolving threats.

We asked Miguel and Alessandro a few more questions about their talk.

Please tell us the top 5 facts about your talk.

  1. Focus on AWS Security
  2. Highlighting not only Cryptomining
  3. Emerging Threat Groups targeting Cloud providers
  4. Real-World Threats and Attack Paths
  5. Proactive Defense Strategies

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

We saw a change in the trend of attackers not using stolen credentials only for cryptojacking, but trying to use other services or doing checks we found curious, and thought it might be interesting to share what we have been discovering over the last year.

Why do you think this is an important topic?

This topic is critical because as organizations increasingly move to the cloud, they inadvertently expand the attack surface available to cybercriminals. The tactics used by attackers are becoming more sophisticated, and crypto mining is just one example of how these bad actors are monetizing their access to cloud resources. Understanding these threats and how to mitigate them is essential for any organization relying on cloud infrastructure.

Is there something you want everybody to know – some good advice for our readers, maybe?

I’d like to share: stay proactive rather than reactive. Continuously monitor your cloud environment. Time is critical. Cloud security is not a one-time setup; it is an ongoing process that requires vigilance and adaptation to new threats.

A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?

We can expect to see both increased automation in attacks and more advanced use of new tools or services to monetize victims’ accounts.

Miguel Hernández is a student for life with a passion for innovation. He spent the last nine years working in security research at big tech companies. Currently, he’s a Sr. Threat Research Engineer at Sysdig, in addition to contributing his own open source projects such as Grafscan or Spyscrap.

Alessandro is a Sr. Threat Research Engineer at Sysdig with a background in penetration testing of web and mobile applications. His research includes cloud and container security, focusing specifically on supply chain attacks and cloud platform exploitation. While studying computer science and engineering at Politecnico di Milano, he took part in various bug bounty programs where he received rewards from several large companies. Alessandro is also a contributor to Falco, an incubation-level CNCF project.
