Netskope @ BSides Delhi 2019

Netskope

BSides is a community-driven framework for organizing events around the world for information security professionals. BSides Delhi 2019 drew approximately 500 attendees and boasted a schedule packed with workshops and presentations. Ashwin Vamshi, from Netskope’s Threat Research, presented our work, “Phishing in the Cloud Era.” We recorded a short preview of our presentation, which is available in this video.

The presentation began with our research on cloud-scale phishing, highlighting:

  • Wide-scale adoption of cloud services by cybercriminals
  • Effective phishing attacks launched from popular cloud services
  • Effective phishing attacks aimed at stealing credentials for popular cloud services
  • Phishing-as-a-service vendors making it particularly easy for attackers

The presentation builds upon some of our previous research, including the following blog posts that detail specific phishing attacks we have analyzed. 

We conclude with some discussion of how organizations can protect themselves, including:

  • Modernizing training to educate users on how to avoid contemporary phishing attacks
  • Actively tracking usage of cloud services to identify suspicious behavior
  • Configuring apps such as PDF readers to reduce the risk of accidentally clicking on a bait within the app

The slides from the presentation are available here.