Defcon Cloud Village – Phishing in the Cloud Era

Netskope

The DEFCON27 computer security conference is one of the world’s largest and most reputed hacker conventions and will be held from August 8th to August 11th in Las Vegas, Nevada. The event consists of workshops and village tracks from distinguished professionals on cyber-security challenges. We were super thrilled to present our research findings in the Cloud Village track on “Phishing in the Cloud Era”.

Our talk details the Tactics, Techniques and Procedures (TTPs) that attackers use to abuse trusted cloud services and create phishing attacks that are highly effective and hard to detect.

The main agenda of the talk is to present the novel, offensive phishing attacks we’ve discovered and detailed in our research blogs.

We also demonstrated intrusive Business Email Compromise (BEC) attacks in which the attackers leveraged the “Default Allow” action and “Annotations” in popular PDF readers. Along similar lines, we covered a case study of themed decoys that abuse Google Cloud open redirection, primarily targeting governments and banking and financial firms worldwide.

The key takeaways we found behind threat actors’ motivation and interest in using the cloud were:

  • Reducing the infrastructure overhead.
  • Access to more powerful hosting or computing services.
  • Significantly cheaper attack methods (no domain generation algorithm (DGA) or bulletproof hosting (BPH) needed).
  • Gives attackers protection by default (encrypted traffic, API-driven communication, etc.).
  • Slow take-downs, fast recovery.

Overall, the presentation educated the audience about phishing attacks hosted in the cloud and how organizations should carefully assess the risks and potential threats when moving their enterprise workloads to the cloud.