@laceworklabs
TOP TEN THREATS TO CLOUD SECURITY
PRESENTED BY: JAMES CONDON
AGENDA
• whoami
• Threatscapes: Enterprise vs Cloud
• Top 10 threats to the cloud + examples &
mitigations
• A bit about Lacework
• Final thoughts
whoami
• Former USAF OSI, Mandiant, and ProtectWise
• Director of Research @ Lacework
• Network Forensics, Incident Response, Threat Intelligence, Cloud Security
Twitter: @laceworklabs, @jameswcondon
Email: james@lacework.com
Blog: www.lacework.com/blog/
ENTERPRISE VS CLOUD
Enterprise
• Devices: Laptops, workstations,
mobile, on-prem servers, network
devices
• OS: Windows, MacOS, Linux, iOS,
Android, etc.
• Users: Mostly Human
• Ownership: Enterprise
• Network Traffic: Email & Web browsing
• Security: Moat and Castle
Cloud
• Devices: Servers (ephemeral)
• OS: Linux & Windows
• Users: Ops users and automated users
• Ownership: Shared
• Network Traffic: Mostly TLS API
communications, virtualized network
• Security: Shared Responsibility Model
ENTERPRISE VS CLOUD THREAT DETECTION
Enterprise
• Network: IDS, IPS, NetFlow
• Endpoint: AV, EDR, HIDS
• Logs: SIEM, ELK
• Threat Intelligence / Hunting
• Behavior Modeling
Cloud
• Network: TLS API traffic, how to tap or
span? VPC flow logs, container &
orchestrator traffic
• Endpoint: EDR and endpoint for
servers and ephemeral workloads
• Containers & Orchestrators
• Log size and retention
• Threat Intel applied to the Cloud
• Applications & Users vs IPs & Hosts
TRADITIONAL ENTERPRISE THREAT ACTORS
• Criminal
• APT
• Hacktivism
TOP 10 THREATS TO CLOUD SECURITY
KEYS TO THE KINGDOM
• Publicly Accessible Resources
• Leaked Keys
• Malicious Insider
BREAKING & ENTERING
• Brute Force Attacks
• Remote Code Execution
• Container Escapes
• Supply Chain Attacks
WE HAVE A BREACH
• Malware
• Cryptojacking
• Ransomware
KEYS TO THE KINGDOM
PUBLICLY ACCESSIBLE RESOURCES
• The exposure of sensitive data or
resources through misconfigurations
or similar modes.
• Exposed DBs:
• MongoDB
• Elasticsearch
• Redis
• Exposed storage:
• S3
• Google Cloud Storage
PUBLICLY ACCESSIBLE RESOURCES MITIGATIONS
• Visibility into internet facing
configurations
• Continuous auditing for open storage
and ports
• Integrate network config tests pre-deployment (CI/CD)
• Enforce authentication for DBs
• Encrypt sensitive data at rest
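A pre-deployment test of the kind the list above calls for, as an added example that is not part of the original presentation. It assumes security-group rules exported in the shape of `aws ec2 describe-security-groups` output; the group IDs and addresses are constructed, and the MongoDB and Elasticsearch ports are the products' defaults rather than values from the slides.

```python
import ipaddress

# Default listener ports of the datastores named on the slide.
DB_PORTS = {27017: "MongoDB", 9200: "Elasticsearch", 6379: "Redis"}

# Constructed sample in the shape of `aws ec2 describe-security-groups`
# output; group IDs and addresses are made up.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-cache", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-example-search", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 9000, "ToPort": 9300,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
    {"GroupId": "sg-example-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 27017, "ToPort": 27017,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ]},
]


def is_world_open(cidr):
    """True when the CIDR covers the whole IPv4 or IPv6 internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_db_rules(security_groups):
    """Return (group_id, service, port, cidr) for each internet-open DB port."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if is_world_open(c)]
            if not open_cidrs:
                continue
            proto = perm.get("IpProtocol")
            if proto == "-1":          # "all traffic" rule: every port is open
                low, high = 0, 65535
            elif proto == "tcp":
                low = perm.get("FromPort", 0)
                high = perm.get("ToPort", 65535)
            else:
                continue               # UDP/ICMP rules do not expose these services
            for port, service in sorted(DB_PORTS.items()):
                if low <= port <= high:
                    findings.append((sg["GroupId"], service, port, open_cidrs[0]))
    return findings


def gate(security_groups):
    """Exit status for a CI step: non-zero blocks the deployment."""
    return 1 if exposed_db_rules(security_groups) else 0


if __name__ == "__main__":
    for group_id, service, port, cidr in exposed_db_rules(SAMPLE_GROUPS):
        print(f"{group_id}: {service} port {port} reachable from {cidr}")
    raise SystemExit(gate(SAMPLE_GROUPS))
```

Port ranges are checked as ranges, so a rule opening 9000-9300 is caught even though 9200 never appears literally in it.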
LEAKED ACCESS KEYS
• Programmable IaaS + APIs = need for
keys in many places
• Keys leaked in many ways
• Hardcoded
• Code repo misconfigs
• Code repo hacked
• Phishing
• Exploits
UBER BREACH
• Oct 2016 two hackers compromised
Uber’s GitHub
• GitHub contained access keys to
AWS
• Hackers stole PII on 57M individuals
• Held data for ransom
• Publicly disclosed late 2017
LEAKED ACCESS KEYS MITIGATIONS
• Don’t hard code keys
• Build tests in CI/CD to search for keys
• Use key management solutions and
SDKs from cloud providers
• Audit code repos for misconfigs
• Practice least privilege in code repos
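One way to build the CI/CD key search listed above, as an added example that is not part of the original presentation. It scans only the lines a change adds in a unified diff and reports file, line and a redacted match; the sample diff and both key values are constructed, and the two patterns cover AWS-style access key IDs and secret keys only.

```python
import re

RULES = {
    # AWS access key IDs: a 4-letter prefix followed by 16 upper-case/digit chars.
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # A 40-character value assigned to aws_secret_access_key.
    "aws-secret-access-key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?"
        r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample diff; the key values are made up.
SAMPLE_DIFF = "\n".join([
    "diff --git a/deploy/config.py b/deploy/config.py",
    "--- a/deploy/config.py",
    "+++ b/deploy/config.py",
    '@@ -10,3 +10,4 @@ REGION = "us-east-1"',
    ' BUCKET = "reports"',
    '-ACCESS_KEY = os.environ["AWS_ACCESS_KEY_ID"]',
    '+ACCESS_KEY = "AKIAABCDEFGHIJKLMNOP"',
    '+aws_secret_access_key = "abcdEFGH1234ijklMNOP5678qrstUVWX9012yzAB"',
    " TIMEOUT = 30",
])


def redact(value):
    """Keep the first four characters so the finding never re-leaks the key."""
    return value[:4] + "*" * (len(value) - 4)


def scan_diff(diff_text):
    """Return (path, new_line_number, rule, redacted_match) for added lines."""
    findings, path, lineno = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            target = line[4:]
            path = target[2:] if target.startswith("b/") else target
            continue
        hunk = HUNK.match(line)
        if hunk:
            lineno = int(hunk.group(1))   # first line number in the new file
            continue
        if path is None or line.startswith("---"):
            continue
        if line.startswith("+"):
            for rule, pattern in RULES.items():
                for hit in pattern.finditer(line[1:]):
                    secret = hit.group(hit.lastindex or 0)
                    findings.append((path, lineno, rule, redact(secret)))
            lineno += 1
        elif line.startswith(" "):
            lineno += 1                   # context line exists in the new file
        # removed ("-") lines do not advance the new-file line counter
    return findings


def gate(diff_text):
    """Exit status for a CI step: non-zero fails the build."""
    return 1 if scan_diff(diff_text) else 0


if __name__ == "__main__":
    for path, lineno, rule, shown in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{lineno}: {rule}: {shown}")
    raise SystemExit(gate(SAMPLE_DIFF))
```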
MALICIOUS INSIDER
• Malicious actor with privileged access based on their relationship within the
organization.
• IT employee terminated after 4 weeks
• Used former colleague's credentials to
access company AWS account
• Terminated 23 servers
• Estimated $700,000 in losses to the
business
• Deleted data was unable to be
recovered
INSIDER THREAT MITIGATIONS
• Internal training & awareness
• Practice least privilege
• 2FA to minimize chances of stolen
accounts
• Plan for when employees leave
• Physical access
• Account access
• Disaster recovery plan
BREAKING & ENTERING
BRUTE FORCE ATTACKS
• Repeated attempts to guess
username & password combinations
in an attempt to gain unauthorized
access.
• SSH most common service to brute
force on public cloud workloads
• Popular infection vector and
propagation method for Linux
malware
• Old tactic, still effective
EXAMPLE – BREAD & BUTTER ATTACKS
• Recent Malware campaign
• Begins with brute force SSH
• Adds user “butter”
• Downloads RAT
• RAT communicates with CNC
• RAT downloads XMR miner
• Reported by Guardicore
BRUTE FORCE ATTACKS - MITIGATIONS
• Strong passwords
• Monitor for repeated access attempts
• Key-based auth when possible
• Restrict service port access
• Bastion hosts for access
• WAF for Internet facing apps
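Detection logic for "monitor for repeated access attempts", tied to the Bread & Butter sequence described earlier (SSH brute force, then a new local user), as an added example that is not part of the original presentation. The log lines are constructed in the style of OpenSSH and shadow-utils syslog output; the thresholds, the fixed year used for timestamp parsing and the alert names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample; host name, PIDs and addresses are made up.
SAMPLE_LOG = """\
Nov 12 03:14:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Nov 12 03:14:03 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Nov 12 03:14:05 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40003 ssh2
Nov 12 03:14:07 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 40004 ssh2
Nov 12 03:14:09 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40005 ssh2
Nov 12 03:14:11 web1 sshd[2106]: Accepted password for root from 203.0.113.7 port 40006 ssh2
Nov 12 03:14:40 web1 useradd[2150]: new user: name=butter, UID=1001, GID=1001, home=/home/butter, shell=/bin/bash
Nov 12 03:20:00 web1 sshd[2200]: Failed password for deploy from 198.51.100.9 port 50000 ssh2
Nov 12 03:20:30 web1 sshd[2201]: Accepted publickey for deploy from 198.51.100.9 port 50001 ssh2
""".splitlines()

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\w+)\[\d+\]: (.*)$")
FAILED = re.compile(r"^Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"^Accepted (?:password|publickey) for (\S+) from (\S+) port")
NEW_USER = re.compile(r"^new user: name=([^,]+),")


def detect(lines, threshold=5, window=timedelta(minutes=5),
           follow_up=timedelta(minutes=10)):
    """Return alerts as (kind, source_ip, user) tuples in log order."""
    failures = defaultdict(deque)   # source IP -> recent failure timestamps
    flagged = set()                 # sources already reported as brute forcing
    compromised = None              # (time, source) of the last suspicious login
    alerts = []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        # Syslog timestamps carry no year; a fixed one is assumed for deltas.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        program, message = m.group(2), m.group(3)
        if program == "sshd":
            failed = FAILED.match(message)
            accepted = ACCEPTED.match(message)
            src = (failed or accepted).group(2) if (failed or accepted) else None
            if src is None:
                continue
            recent = failures[src]
            if failed:
                recent.append(ts)
            while recent and ts - recent[0] > window:
                recent.popleft()    # slide the window forward
            if failed and len(recent) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute_force", src, None))
            elif accepted and len(recent) >= threshold:
                alerts.append(("login_after_brute_force", src, accepted.group(1)))
                compromised = (ts, src)
        elif program == "useradd":
            created = NEW_USER.match(message)
            if created and compromised and ts - compromised[0] <= follow_up:
                alerts.append(("account_created_after_compromise",
                               compromised[1], created.group(1)))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The key-based login from 198.51.100.9 after a single failure produces no alert, which is the behaviour wanted for an operator who mistyped once.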
REMOTE CODE EXECUTION
• A vulnerability that allows code to be
executed by a remote attacker.
• A frequent occurrence with so many
technology stacks, new CVEs every
week
• Years-old vulnerabilities still a major
issue
• Very common infection vector in the
public cloud
REDIS EXPLOIT EXAMPLE
• Honeypot running Redis 2.8.4 on
Ubuntu 14.04
• Redis exposed to open internet (TCP
port 6379)
• Redis quickly exploited via Lua
vulnerability CVE-2015-4335
• Exploit contains payload to download
install script
• Install script downloads backdoor, miner,
kills competing miners, and sets up
persistence
RCE MITIGATIONS
• Patch early and often
• Control network access to services
• Have incident response plans in place
for 0-days (there will always be new
exploits)
• Reduce size of attack surface
• Minimal code base and OS
CONTAINER ESCAPES
• A vulnerability that allows escape
from a sandbox or container can
mean access to the host operating
system or hypervisor.
• Biggest concern since popularization
of containers
• Occurs from both misconfigs and
exploits
• Containerized applications share host
resources, escape can lead to attacks
on other containers
• Containers not a full sandbox
RUNC CONTAINER ESCAPE VULNERABILITY
• CVE-2019-5736: Execution of malicious
containers allows for container escape
and access to host filesystem
• First major container escape of its kind
• Root user in container or specially
crafted container could overwrite runc
binary with new binary of their
choosing
• Runc used in most container platforms,
most notably Docker
CONTAINER ESCAPE MITIGATIONS
• Follow container best practices to
minimize chance of successful escape
• Privileged container policy
• Read-only root filesystem
• 0-days are very rare and difficult to
detect
• Prepare for rapid response to
updating container platforms and
operating system if a vulnerability is
announced
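A check for the container best practices listed above (privileged container policy, read-only root filesystem) plus the root-user condition from the runc slide, as an added example that is not part of the original presentation. It assumes a Kubernetes Pod manifest already parsed from JSON; the manifest, image names and finding labels are constructed.

```python
import json

# Constructed Pod manifest; names and images are made up.
SAMPLE_POD = json.loads("""
{
  "kind": "Pod",
  "metadata": {"name": "example"},
  "spec": {
    "securityContext": {"runAsNonRoot": true},
    "containers": [
      {"name": "web", "image": "registry.example/web:1",
       "securityContext": {"readOnlyRootFilesystem": true, "runAsUser": 1000}},
      {"name": "agent", "image": "registry.example/agent:1",
       "securityContext": {"privileged": true, "runAsUser": 0}},
      {"name": "sidecar", "image": "registry.example/sidecar:1"}
    ]
  }
}
""")


def effective(container, pod_context, key):
    """Container-level securityContext overrides the pod-level value."""
    context = container.get("securityContext") or {}
    return context[key] if key in context else pod_context.get(key)


def audit_pod(manifest):
    """Return (container_name, finding) pairs for risky settings."""
    spec = manifest.get("spec", {})
    pod_context = spec.get("securityContext") or {}
    findings = []
    for container in spec.get("initContainers", []) + spec.get("containers", []):
        context = container.get("securityContext") or {}
        name = container["name"]
        # privileged and readOnlyRootFilesystem exist only at container level.
        if context.get("privileged") is True:
            findings.append((name, "privileged"))
        if context.get("readOnlyRootFilesystem") is not True:
            findings.append((name, "writable-root-filesystem"))
        run_as_user = effective(container, pod_context, "runAsUser")
        non_root = effective(container, pod_context, "runAsNonRoot")
        # UID 0 is root; with no UID and no runAsNonRoot the image default applies.
        if run_as_user == 0 or (run_as_user is None and non_root is not True):
            findings.append((name, "may-run-as-root"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_pod(SAMPLE_POD):
        print(f"{name}: {finding}")
```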
SUPPLY CHAIN COMPROMISE
• “Trusted” software is compromised
• Common vectors:
• Container image repos
• 3rd party applications
• Open source projects
DOCKER HUB IMAGES BACKDOORED
• May ‘17 – Feb ’18: 17 malicious
images uploaded to Docker Hub
• Images contained Cryptojacking
capabilities
• Images downloaded over 5M times
• First reported in Sept ‘17, removed in
May ‘18
• Attackers earned $90K
SUPPLY CHAIN COMPROMISE MITIGATIONS
• Container Images:
• Build your own
• Use official images if needed
• Control access to repo
• Image Scanning
• Use least privileges for integrated
CI/CD tools
• Git signing & image verification
• Be wary of how open source projects
are maintained
• If possible understand security of 3rd
party vendors
WE HAVE A BREACH
MALWARE
• Any software designed to damage a
computer, server, client, or computer
network.
• RATs, trojans, backdoors,
downloaders, ransomware, etc.
• Recent Linux malware is modular in
nature typically containing backdoor,
propagation, and mining module
• Typical cloud chain of events is exploit
-> install script -> backdoor ->
additional modules
• Shell scripts & ELF binaries for Linux
EXAMPLE – BREAD & BUTTER ATTACKS
• Prolific malware family reported in 2018
• Targets Linux & Windows
• Attributed to Iron Group
• Ransomware, coinmining, propagation, and
botnet capabilities
• Self propagation by attacking weak password
and application vulnerabilities
• Ransomware is actually data-destroying (no
recovery), attacks databases in Linux
• Developed in Python
• Reported by Unit42
CRYPTOJACKING
• Using someone else's compute and
resources to mine cryptocurrencies.
• Started taking off in 2017
• Coinhive started wave of new
techniques to scale
• Could be packaged with or without
malware
• Used in public cloud, browsers, PCs,
IoT, phones, and even Industrial OT
• Monero currently most popular coin
to mine illicitly
CRYPTOJACKING EXAMPLE
• MicroK8s Honeypot
• Open APIs & Dashboards
• Attacker scans API
• Adds ReplicaController
• 5 replicas of CentOS w/ curl
commands to DL XMRig & config
RANSOMWARE
• Malware that encrypts files and asks for payment to unlock said files.
• Was very prevalent prior to cryptojacking
• Some ransomware doesn’t unlock files
• Used by criminal and APT groups
• Good security posture can mitigate effects, especially in the cloud
BRIEF HISTORY OF RANSOMWARE
• CryptoLocker – One of the most notable early ransomware families 2013-14
• TeslaCrypt – Targeted video game files in 2016
• SimpleLocker – Targeted Android in 2015-16
• WannaCry – One of the first malware families to utilize leaked NSA tools in 2017
• NotPetya – Piggy-backed off the WannaCry wave in 2017
• SamSam – Targeted ransomware-as-a-service in 2015, indictments in 2018
• Ryuk – Targeted ransomware with a big hit in 2018-19
MITIGATIONS
• Applications up-to-date
• Strong passwords
• Endpoint security
• Network monitoring
• Cryptojacking specific:
• Billing Alerts
• Monitor CPU Usage
• Monitor connections to popular
pools
• Ransomware specific:
• Backup & Disaster recovery plans
Introducing…
Lacework’s Unified Cloud Security Platform
Lacework automates security and compliance across AWS, Azure, GCP, and private clouds, providing a comprehensive
view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented
visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.
Workload Security, Account Security, Continuous Compliance
• Private cloud
• Compliance monitoring
• Compliance reporting for CIS benchmark, PCI DSS, & SOC 2
• Misconfiguration detection & alerting
• Anomaly detection for API behaviors & audit logs
• Host intrusion detection
• Runtime Container & K8s security
• File integrity monitoring
• Threat & incident investigations
Lacework’s Benefits for Security & DevOps
Security Teams
• Automated Security: Eliminates repetitive, labor-intensive work by completely automating threat detection, workload security, and compliance
• Accurate & Actionable: Removes false positives and alert fatigue by only delivering accurate, actionable security alerts
• Single Pane of Glass: Provides a single platform for multicloud security and eliminates the need to deploy multiple un-integrated security products
DevOps
• High velocity security: Builds security into the development pipeline to ensure security operates at the speed of DevOps
• Built for modern infrastructure: Natively built to support security and threat detection for containers and Kubernetes orchestration
• Engineered for cloud scale: Designed to support very large cloud deployments consisting of thousands of server hosts and hundreds of accounts
About Lacework
• 1.5 Trillion+ events analyzed (24B added per day)
• AWS, Azure, GCP Security Partner
• Backed by: Sutter Hill Ventures, Liberty Global Ventures, Spike Ventures, WIN, AME Cloud Ventures
2018
“I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the ONE tool that checked all my security boxes.”
| Devin Ertel, Head of Security
FREE CLOUD RISK & THREAT ASSESSMENT
Run a free 30-day Lacework deployment
Understand your cloud risk exposure
Detect threats & abnormal cloud behaviors
Get deep security visibility
Improve compliance & security posture
10-minute setup
lacework.com/free
FINAL THOUGHTS
• Cloud security is still fairly new
• Visibility is difficult
• Shared Responsibility Model
• Is cloud security the wild west?
(think M$ in the early days)
• Moving towards more or less secure
model?
• Sec more Dev savvy or opposite?
RESOURCES
1. Bread & Butter - https://www.guardicore.com/2018/11/butter-brute-force-ssh-attack-tool-evolution/
2. Xbash - https://unit42.paloaltonetworks.com/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
3. Top Ransomware Families - https://www.csoonline.com/article/3212260/the-5-biggest-ransomware-attacks-of-the-last-5-years.html
4. Lucky Ransomware - https://www.lacework.com/elf-of-the-month-new-lucky-ransomware-sample/
5. Anatomy of a Redis Exploit - https://www.lacework.com/anatomy-of-a-redis-exploit/
6. Runc CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
7. Sacked IT guy annihilates 23 of his ex-employer’s AWS servers - https://nakedsecurity.sophos.com/2019/03/22/sacked-it-guy-annihilates-23-of-his-ex-employers-aws-servers/
8. Docker Hub Backdoored Images - https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/
QUESTIONS
Twitter: @laceworklabs, @jameswcondon
Email: james@lacework.com
Blog: www.lacework.com/blog/

Maturing DevSecOps: From Easy to High ImpactMaturing DevSecOps: From Easy to High Impact
Maturing DevSecOps: From Easy to High Impact
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP CloudsHow to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
 
Reducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at NetflixReducing Risk of Credential Compromise at Netflix
Reducing Risk of Credential Compromise at Netflix
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
 
The State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities ManagementThe State of Open Source Vulnerabilities Management
The State of Open Source Vulnerabilities Management
 
Flow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need ThemFlow Metrics: What They Are & Why You Need Them
Flow Metrics: What They Are & Why You Need Them
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud ThreatsBeyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
 
Building Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for YouBuilding Blocks of Secure Development: How to Make Open Source Work for You
Building Blocks of Secure Development: How to Make Open Source Work for You
 
Take a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation BacklogTake a Bite Out of the Remediation Backlog
Take a Bite Out of the Remediation Backlog
 

Recently uploaded

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Top 10 Cloud Security Threats

  • 1. @laceworklabs TOP TEN THREATS TO CLOUD SECURITY PRESENTED BY: JAMES CONDON
  • 2. @laceworklabs AGENDA • whoami • Threatscapes: Enterprise vs Cloud • Top 10 threats to the cloud + examples & mitigations • A bit about Lacework • Final thoughts
  • 3. @laceworklabs whoami • Former USAF OSI, Mandiant, and ProtectWise • Director of Research @ Lacework • Network Forensics, Incident Response, Threat Intelligence, Cloud Security Twitter: @laceworklabs, @jameswcondon Email: james@lacework.com Blog: www.lacework.com/blog/
  • 4. @laceworklabs ENTERPRISE VS CLOUD Enterprise • Devices: Laptops, workstations, mobile, on-prem servers, network devices • OS: Windows, MacOS, Linux, iOS, Android, etc. • Users: Mostly Human • Ownership: Enterprise • Network Traffic: Email & Web browsing • Security: Moat and Castle Cloud • Devices: Servers (ephemeral) • OS: Linux & Windows • Users: Ops users and automated users • Ownership: Shared • Network Traffic: Mostly TLS API communications, virtualized network • Security: Shared Responsibility Model
  • 5. @laceworklabs ENTERPRISE VS CLOUD THREAT DETECTION Enterprise • Network: IDS, IPS, NetFlow • Endpoint: AV, EDR, HIDS • Logs: SIEM, ELK • Threat Intelligence / Hunting • Behavior Modeling Cloud • Network: TLS API traffic, how to tap or span? VPC flow logs, container & orchestrator traffic • Endpoint: EDR and endpoint for servers and ephemeral workloads • Containers & Orchestrators • Log size and retention • Threat Intel applied to the Cloud • Applications & Users vs IPs & Hosts
  • 6. @laceworklabs TRADITIONAL ENTERPRISE THREAT ACTORS Criminal APT Hacktivism
  • 7. @laceworklabs TOP 10 THREATS TO CLOUD SECURITY • Publicly Accessible Resources • Leaked Keys • Malicious Insider KEYS TO THE KINGDOM • Brute Force Attacks • Remote Code Execution • Container Escapes • Supply Chain Attacks BREAKING & ENTERING • Malware • Cryptojacking • Ransomware WE HAVE A BREACH
  • 9. @laceworklabs PUBLICLY ACCESSIBLE RESOURCES • The exposure of sensitive data or resources through misconfigurations or similar modes. • Exposed DBs: • MongoDB • Elasticsearch • Redis • Exposed storage: • S3 • Google Cloud Storage
  • 11. @laceworklabs PUBLICLY ACCESSIBLE RESOURCES MITIGATIONS • Visibility into internet facing configurations • Continuous auditing for open storage and ports • Integrate network config tests pre-deployment (CI/CD) • Enforce authentication for DBs • Encrypt sensitive data at rest
  • 12. @laceworklabs LEAKED ACCESS KEYS • Programmable IaaS + APIs = need for keys in many places • Keys leaked in many ways • Hardcoded • Code repo misconfigs • Code repo hacked • Phishing • Exploits
  • 13. @laceworklabs UBER BREACH • Oct 2016 two hackers compromised Uber’s GitHub • GitHub contained access to keys to AWS • Hackers stole PII on 57M individuals • Held data for ransom • Publicly disclosed late 2017
  • 14. @laceworklabs LEAKED ACCESS KEYS MITIGATIONS • Don’t hard code keys • Build tests in CI/CD to search for keys • Use key management solutions and SDKs from cloud providers • Audit code repos for misconfigs • Practice least privilege in code repos
  • 15. @laceworklabs MALICIOUS INSIDER • Malicious actor with privileged access based on their relationship within the organization.
  • 16. @laceworklabs • IT employee terminated after 4 weeks • Used a former colleague's credentials to access company AWS account • Terminated 23 servers • Estimated $700,000 in losses to the business • Deleted data was unable to be recovered
  • 17. @laceworklabs INSIDER THREAT MITIGATIONS • Internal training & awareness • Practice least privileges • 2FA to minimize chances of stolen accounts • Plan for when employees leave • Physical access • Account access • Disaster recovery plan
  • 19. @laceworklabs BRUTE FORCE ATTACKS • Repeated attempts to guess username & password combinations in an attempt to gain unauthorized access. • SSH most common service to brute force on public cloud workloads • Popular infection vector and propagation method for Linux malware • Old tactic, still effective
  • 20. @laceworklabs EXAMPLE – BREAD & BUTTER ATTACKS • Recent Malware campaign • Begins with brute force SSH • Add user “butter” • Downloads RAT • RAT communicates with CNC • RAT downloads XMR miner • Reported by Guardicore
  • 21. @laceworklabs BRUTE FORCE ATTACKS - MITIGATIONS • Strong passwords • Monitor for repeated access attempts • Key-based auth when possible • Restrict service port access • Bastion hosts for access • WAF for Internet facing apps
  • 22. @laceworklabs REMOTE CODE EXECUTION • A vulnerability that allows code to be executed from a remote attacker. • A frequent occurrence with so many technology stacks, new CVEs every week • Years old vulnerabilities still a major issue • Very common infection vector in the public cloud
  • 23. @laceworklabs REDIS EXPLOIT EXAMPLE • Honeypot running Redis 2.8.4 on Ubuntu 14.04 • Redis exposed to open internet (TCP port 6379) • Redis quickly exploited by LUA vulnerability CVE-2015-4335 • Exploit contains payload to download install script • Install script downloads backdoor, miner, kills competitive miners, and sets up persistence
  • 24. @laceworklabs RCE MITIGATIONS • Patch early and often • Control network access to services • Have incident response plans in place for 0-days (there will always be new exploits) • Reduce size of attack surface • Minimal code base and OS
  • 25. @laceworklabs CONTAINER ESCAPES • A vulnerability that allows escape from a sandbox or container can mean access to the host operating system or hypervisor. • Biggest concern since popularization of containers • Occurs from both misconfigs and exploits • Containerized applications share host resources, escape can lead to attacks on other containers • Containers not a full sandbox
  • 26. @laceworklabs RUNC CONTAINER ESCAPE VULNERABILITY • CVE-2019-5736: Execution of malicious containers allows for container escape and access to host filesystem • First major container escape of its kind • Root user in container or specially crafted container could overwrite runc binary with new binary of their choosing • Runc used in most container platforms, most notably Docker
  • 27. @laceworklabs CONTAINER ESCAPE MITIGATIONS • Follow container best practices to minimize chance of successful escape • Privileged container policy • Read-only root filesystem • 0-days are very rare and difficult to detect • Prepare for rapid response to updating container platforms and operating system if a vulnerability is announced
  • 28. @laceworklabs SUPPLY CHAIN COMPROMISE • “Trusted” software is compromised • Common vectors: • Container image repos • 3rd party applications • Open source projects
  • 29. @laceworklabs DOCKER HUB IMAGES BACKDOORED • May ‘17 – Feb ’18: 17 malicious images uploaded to Docker Hub • Images contained Cryptojacking capabilities • Images downloaded over 5M times • First reported in Sept ‘17, removed in May ‘18 • Attackers earned $90K
  • 30. @laceworklabs SUPPLY CHAIN COMPROMISE MITIGATIONS • Container Images: • Build your own • Use official images if needed • Control access to repo • Image Scanning • Use least privileges for integrated CI/CD tools • Git signing & image verification • Be wary of how open source projects are maintained • If possible understand security of 3rd party vendors
  • 32. @laceworklabs MALWARE • Any software designed to damage a computer, server, client, or computer network. • RATs, trojans, backdoors, downloaders, ransomware, etc. • Recent Linux malware is modular in nature typically containing backdoor, propagation, and mining module • Typical cloud chain of events is exploit -> install script -> backdoor -> additional modules • Shell scripts & ELF binaries for Linux
  • 33. @laceworklabs EXAMPLE – BREAD & BUTTER ATTACKS • Prolific malware family reported in 2018 • Targets Linux & Windows • Attributed to Iron Group • Ransomware, coinmining, propagation, and botnet capabilities • Self propagation by attacking weak password and application vulnerabilities • Ransomware is actually data-destroying (no recovery), attacks databases in Linux • Developed in Python • Reported by Unit42
  • 34. @laceworklabs CRYPTOJACKING • Using someone else's compute and resources to mine cryptocurrencies. • Started taking off in 2017 • Coinhive started wave of new techniques to scale • Could be packaged with or without malware • Used in public cloud, browsers, PCs, IoT, phones, and even Industrial OT • Monero currently most popular coin to mine illicitly
  • 35. @laceworklabs CRYPTOJACKING EXAMPLE • MicroK8s Honeypot • Open APIs & Dashboards • Attacker scans API • Adds ReplicaController • 5 replicas of CentOS w/ curl commands to DL XMRig & config
  • 37. @laceworklabs RANSOMWARE • Malware that encrypts files and asks for payment to unlock said files. • Was very prevalent prior to cryptojacking • Some ransomware doesn’t unlock files • Used by criminal and APT groups • Good security posture can mitigate effects, especially in the cloud
  • 38. @laceworklabs BRIEF HISTORY RANSOMWARE • CryptoLocker – One of the most notable early ransomware families 2013-14 • TeslaCrypt – Targeted video game files in 2016 • SimpleLocker – Targeted Android in 2015-16 • WannaCry – One of the first malware families to utilize leaked NSA tools in 2017 • NotPetya – Piggy-backed off the WannaCry wave in 2017 • SamSam – Targeted ransomware-as-a-service in 2015, indictments in 2018 • Ryuk – Targeted ransomware with a big hit in 2018-19
  • 39. @laceworklabs MITIGATIONS • Applications up-to-date • Strong passwords • Endpoint security • Network monitoring • Cryptojacking specific: • Billing Alerts • Monitor CPU Usage • Monitor connections to popular pools • Ransomware specific: • Backup & Disaster recovery plans
  • 40. @laceworklabs Introducing… Lacework’s Unified Cloud Security Platform Lacework automates security and compliance across AWS, Azure, GCP, and private clouds, providing a comprehensive view of risks across cloud workloads and containers. Lacework’s unified cloud security platform provides unprecedented visibility, automates intrusion detection, delivers one-click investigation, and simplifies cloud compliance.
  • 41. @laceworklabs Workload Security, Account Security, Continuous Compliance Private cloud Compliance monitoring Compliance reporting for CIS benchmark, PCI DSS, & SOC 2 Misconfiguration detection & alerting Anomaly detection for API behaviors & audit logs Host intrusion detection Runtime Container & K8s security File integrity monitoring Threat & incident investigations
  • 42. @laceworklabs Lacework’s Benefits for Security & DevOps Security Teams Automated Security Eliminates repetitive, labor-intensive work by completely automating threat detection, workload security, and compliance Accurate & Actionable Removes false positives and alert fatigue by only delivering accurate, actionable security alerts Single Pane of Glass Provides a single platform for multicloud security and eliminates the need to deploy multiple un-integrated security products DevOps High velocity security Builds security into the development pipeline to ensure security operates at the speed of DevOps Built for modern infrastructure Natively built to support security and threat detection for containers and Kubernetes orchestration Engineered for cloud scale Designed to support very large cloud deployments consisting of thousands of server hosts and hundreds of accounts
  • 43. @laceworklabs About Lacework 1.5 Trillion+ events analyzed (24B added per day) AWS, Azure, GCP Security Partner Backed by: Sutter Hill Ventures Liberty Global Ventures Spike Ventures WIN AME Cloud Ventures 2018 “I’m extremely happy with Lacework. I sleep better at night knowing we have full visibility into our cloud operations. It was the ONE tool that checked all my security boxes.” | Devin Ertel, Head of Security
  • 44. @laceworklabs FREE CLOUD RISK & THREAT ASSESSMENT FREE Cloud Risk & Threat Assessment Run a free 30-day Lacework deployment Understand your cloud risk exposure Detect threats & abnormal cloud behaviors Get deep security visibility Improve compliance & security posture 10-minute setup lacework.com/free
  • 45. @laceworklabs FINAL THOUGHTS • Cloud security is still fairly new • Visibility is difficult • Shared Responsibility Model • Is cloud security the wild west? (think M$ in the early days) • Moving towards more or less secure model? • Sec more Dev savvy or opposite?
  • 46. @laceworklabs RESOURCES
    1. Bread & Butter - https://www.guardicore.com/2018/11/butter-brute-force-ssh-attack-tool-evolution/
    2. Xbash - https://unit42.paloaltonetworks.com/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
    3. Top Ransomware Families - https://www.csoonline.com/article/3212260/the-5-biggest-ransomware-attacks-of-the-last-5-years.html
    4. Lucky Ransomware - https://www.lacework.com/elf-of-the-month-new-lucky-ransomware-sample/
    5. Anatomy of a Redis Exploit - https://www.lacework.com/anatomy-of-a-redis-exploit/
    6. Runc CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736
    7. Sacked IT guy annihilates 23 of his ex-employer’s AWS servers - https://nakedsecurity.sophos.com/2019/03/22/sacked-it-guy-annihilates-23-of-his-ex-employers-aws-servers/
    8. Docker Hub Backdoored Images - https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/
  • 47. @laceworklabs QUESTIONS Twitter: @laceworklabs, @jameswcondon Email: james@lacework.com Blog: www.lacework.com/blog/
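
Slides 20 and 21 pair the Bread & Butter chain (SSH brute force, then a new user "butter") with the mitigation "Monitor for repeated access attempts". The detector below is an added example, not code from the deck or from Lacework: it correlates failed logins, a password login from the same source, and an account creation shortly after. The log lines are constructed in the usual sshd/useradd syslog format, and the thresholds, year, host name and IP addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Tunables are assumptions for this example, not values from the slides.
WINDOW = timedelta(seconds=60)     # look-back window for failed logins
THRESHOLD = 5                      # failures per source IP within WINDOW
FOLLOWUP = timedelta(minutes=5)    # watch for useradd this long after a suspicious login
ASSUMED_YEAR = 2018                # classic syslog timestamps carry no year

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                  r"(?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$")
FAILED = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) "
                    r"from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) "
                      r"from (?P<ip>\S+) port \d+")
NEW_USER = re.compile(r"^new user: name=(?P<user>[^,]+),")


def prune(queue, now):
    """Drop failure timestamps that have aged out of the window."""
    while queue and now - queue[0] > WINDOW:
        queue.popleft()


def detect(lines):
    """Return (kind, host, subject) findings in the order they occur."""
    failures = defaultdict(deque)   # (host, ip) -> recent failure timestamps
    alerted = set()                 # (host, ip) pairs already reported
    suspicious_login = {}           # host -> time of login that followed a burst
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        host, proc, msg = m["host"], m["proc"], m["msg"]
        if proc == "sshd":
            failed = FAILED.match(msg)
            accepted = ACCEPTED.match(msg)
            if failed:
                key = (host, failed["ip"])
                failures[key].append(ts)
                prune(failures[key], ts)
                if len(failures[key]) >= THRESHOLD and key not in alerted:
                    alerted.add(key)
                    findings.append(("brute_force", host, failed["ip"]))
            elif accepted and accepted["method"] == "password":
                # A password login right after a burst of failures from the
                # same source suggests a guess succeeded.
                key = (host, accepted["ip"])
                prune(failures[key], ts)
                if len(failures[key]) >= THRESHOLD:
                    suspicious_login[host] = ts
                    findings.append(("login_after_brute_force", host,
                                     f"{accepted['user']} from {accepted['ip']}"))
        elif proc == "useradd":
            new_user = NEW_USER.match(msg)
            since = suspicious_login.get(host)
            if new_user and since is not None and ts - since <= FOLLOWUP:
                findings.append(("account_created_after_brute_force", host,
                                 new_user["user"]))
    return findings


# Constructed sample input (documentation IP ranges, hypothetical host "web-1").
SAMPLE_LOG = [
    "Nov  5 10:00:01 web-1 sshd[1201]: Failed password for root from 203.0.113.7 port 40001 ssh2",
    "Nov  5 10:00:03 web-1 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2",
    "Nov  5 10:00:06 web-1 sshd[1206]: Failed password for root from 203.0.113.7 port 40003 ssh2",
    "Nov  5 10:00:09 web-1 sshd[1209]: Failed password for root from 203.0.113.7 port 40004 ssh2",
    "Nov  5 10:00:12 web-1 sshd[1212]: Failed password for root from 203.0.113.7 port 40005 ssh2",
    "Nov  5 10:00:20 web-1 sshd[1220]: Accepted password for root from 203.0.113.7 port 40006 ssh2",
    "Nov  5 10:00:41 web-1 useradd[1301]: new user: name=butter, UID=1001, GID=1001, home=/home/butter, shell=/bin/bash",
    "Nov  5 10:05:00 web-1 sshd[1400]: Failed password for deploy from 198.51.100.20 port 51000 ssh2",
    "Nov  5 10:05:30 web-1 sshd[1410]: Accepted publickey for deploy from 198.51.100.20 port 51001 ssh2",
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```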
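
Slide 14 lists "Build tests in CI/CD to search for keys" among the leaked access key mitigations. The check below is an added example, not code from the deck or from Lacework: it scans only the lines a unified diff adds, so a pipeline can fail a commit that introduces an AWS key. The patterns, entropy threshold, file names and key values are assumptions constructed for illustration; the allowlisted strings are the placeholder credentials used in AWS documentation.

```python
import math
import re
from collections import Counter

# AWS access key IDs: long-term (AKIA) and temporary (ASIA) prefixes.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# A 40-character value assigned to something named like aws_secret_access_key.
SECRET_ASSIGN = re.compile(
    r"(?i)aws_?secret(?:_?access)?_?key\s*[:=]\s*[\"']?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Placeholder credentials published in AWS documentation; never real keys.
ALLOWLIST = {"AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}
MIN_ENTROPY = 3.5   # bits per character; an assumption that filters "xxxx..." fillers


def entropy(value):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(value)
    return -sum(c / len(value) * math.log2(c / len(value)) for c in counts.values())


def check_line(text):
    """Return the kinds of credential found in one line of added text."""
    kinds = []
    for m in ACCESS_KEY_ID.finditer(text):
        if m.group(0) not in ALLOWLIST:
            kinds.append("aws_access_key_id")
    for m in SECRET_ASSIGN.finditer(text):
        if m.group(1) not in ALLOWLIST and entropy(m.group(1)) >= MIN_ENTROPY:
            kinds.append("aws_secret_access_key")
    return kinds


def scan_diff(diff_text):
    """Return (path, new_line_number, kind); the key itself is never echoed."""
    findings = []
    path, new_no, old_left, new_left = None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:          # between hunks: headers only
            if line.startswith("+++ "):
                path = line[4:].split("\t")[0]
                path = path[2:] if path.startswith("b/") else path
            else:
                h = HUNK.match(line)
                if h:
                    old_left = int(h[1]) if h[1] is not None else 1
                    new_no = int(h[2])
                    new_left = int(h[3]) if h[3] is not None else 1
            continue
        if line.startswith("\\"):                    # "\ No newline at end of file"
            continue
        if line.startswith("+"):                     # added line: inspect it
            findings += [(path, new_no, kind) for kind in check_line(line[1:])]
            new_no += 1
            new_left -= 1
        elif line.startswith("-"):                   # removed line: old side only
            old_left -= 1
        else:                                        # context line: both sides
            new_no += 1
            new_left -= 1
            old_left -= 1
    return findings


# Constructed sample diff; paths and key values are made up for this example.
SAMPLE_DIFF = "\n".join([
    "diff --git a/deploy/settings.py b/deploy/settings.py",
    "--- a/deploy/settings.py",
    "+++ b/deploy/settings.py",
    "@@ -10,3 +10,5 @@",
    ' REGION = "us-east-1"',
    '-BUCKET = "old-bucket"',
    '+BUCKET = "new-bucket"',
    '+aws_access_key_id = "AKIAABCDEFGHIJKLMNOP"',
    '+AWS_SECRET_ACCESS_KEY = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMN"',
    " DEBUG = False",
    "diff --git a/README.md b/README.md",
    "--- a/README.md",
    "+++ b/README.md",
    "@@ -1,2 +1,4 @@",
    " # Deploy",
    "+Example from the AWS docs: AKIAIOSFODNN7EXAMPLE",
    '+aws_secret_access_key = "' + "x" * 40 + '"',
    " Usage",
])

if __name__ == "__main__":
    hits = scan_diff(SAMPLE_DIFF)
    for hit in hits:
        print(hit)
    raise SystemExit(1 if hits else 0)   # non-zero exit fails the CI job
```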