《云环境中的勒索软件部署生命周期.pdf》由会员分享,可在线阅读,更多相关《云环境中的勒索软件部署生命周期.pdf(29页珍藏版)》请在三个皮匠报告上搜索。
1、The Ransomware Deployment Life Cycle in Cloud EnvironmentsArda BykkayaSenior Cyber Threat Intelligence Analyst,EclecticIQArda BykkayaAbout me Senior Cyber Threat Intelligence Analyst at EclecticIQ Delivering actionable intelligence to Fortune 500 companies and government bodies Background in Malware
2、 Analysis and Incident Response Uncovering nation-state APT operations and tracking financially motivated threat actorsWhichbufferArdaardabuyukkaya Cost of Ransomware Attack Exploiting Low-Cost High-Impact Vulnerabilities From Privileged User Accounts to Cloud Access Prevention Strategies for Cloud
3、Defenders Key Takeaways and Final ThoughtsAgendaCost of Ransomware Attack 45%of all data breaches were cloud-based,and the average cost was just over$5 million Compromising cloud infrastructure drives up ransomware payouts:o broader attack surfaceo complex recovery processeso increased operational d
4、isruptionmaking it a high-value target for RaaS affiliatesIBM Cost of a Data Breach Report 2024 1Exploiting Low-Cost High-Impact Vulnerabilities Edge Network Devices:Since 2023,Black Basta affiliates exploited vulnerabilities in VPN/Firewall solutionsThese exploits enable access to cloud infrastruct
5、ure and cloud credentials.Inside BRUTED Black Basta(RaaS)Members Used Automated Brute Forcing Framework to Target Edge Network Devices 2From Privileged User Accounts to Cloud AccessHigh-Privileged Accounts Targeted via Phishing and Smishing:Phishing pages targeting Cloud Service Providers(Azure,AWS,
6、GCP)and Single Sign-On platforms for credential theft Fake login portals mimic popular SaaS platforms,including:o Oktao ServiceNowo Zendesk o Twilioo Cloudflareo VMware Workspace ONEHighly Targeted Phishing Attacks with Brand Impersonation:Typosquatted domains used for phishing:o victimname-ssoo vic