Adversaries are increasingly targeting multi-cloud infrastructures to disrupt operations and demand ransom, exfiltrate sensitive data, and steal funds. To accomplish this while evading detection, they often adapt traditional Living-off-the-Land (LOTL) tactics to the specific API-driven characteristics of the cloud.
How? Instead of leveraging native Windows tools like PowerShell and WMI to escalate privileges and move laterally across corporate networks, they’re now compromising native cloud platform and identity management tools to gain administrative privileges and move laterally from one cloud environment to another.
In addition to enabling automated cloud attacks, the benefits of this approach are that (1) it is stealthy, because most cloud platforms do not natively detect these types of activities, and (2) it enables attackers to reuse the same playbooks over and over, across different organizations, because most organizations using the same cloud providers (AWS, Azure, GCP) have similarly managed architectures.
In this educational webinar, we’ll: