Netskope @ Nullcon Goa 2020
Apr 07 2020

Nullcon is one of India’s largest and most prestigious security conferences. This year, the conference drew some 70 presenters and more than 2000 attendees from around the world. Topics included zero-day vulnerabilities, the latest attack vectors, and other cyber threats, with a focus on both offense and defense. The conference was held from March 6th to March 7th at the Taj Hotel and Convention Center, Dona Paula, Goa. Rushikesh and Ashwin from Netskope presented our research entitled “Cloud as an Attack Vector”. 

The presentation highlighted the cloud-enabled kill-chain — how attackers are leveraging cloud for all phases of the malware lifecycle.

We started by touching on common Malware in the Cloud (MITC) attack patterns:

  • Cloud as a malware hosting platform
  • Cloud as a command and control channel
  • Cloud as a platform to spread malware
  • Cloud as a platform to host Crimeware as a Service

For each attack pattern, we provided case studies of real-world attacks with the threat actors' TTPs (Tactics, Techniques and Procedures). The case studies detailed some of the threats we previously blogged about, including:

Overall, the talk attracted a near-full-house audience of more than 250 attendees who joined to learn why attackers are moving to the cloud, how they are leveraging the cloud, and what we can do to harden our security and protect against cloud-enabled threats.

The slide deck of our presentation can be downloaded here.

About the author
Ashwin Vamshi is a Security Researcher with an innate interest in targeted attacks and malware using cloud services. He primarily focuses on identifying new attack vectors, malware, campaigns and threat actors using ‘cloud as an attack vector.’