Nullcon is one of India’s largest and most prestigious security conferences. This year, the conference drew some 70 presenters and more than 2000 attendees from around the world. Topics included zero-day vulnerabilities, the latest attack vectors, and other cyber threats, with a focus on both offense and defense. The conference was held from March 6th to March 7th at the Taj Hotel and Convention Center, Dona Paula, Goa. Rushikesh and Ashwin from Netskope presented our research entitled “Cloud as an Attack Vector”.
The presentation highlighted the cloud-enabled kill-chain — how attackers are leveraging cloud for all phases of the malware lifecycle.
We started by touching basing on common Malware in the Cloud (MITC) attack patterns:
- Cloud as a malware hosting platform
- Cloud as a command and control channel
- Cloud as a platform to spread malware
- Cloud as a platform to host Crimeware as a Service
For each attack pattern, we provided case studies of real-world attacks with threat actors TTPs (Tactics, Techniques and Procedures). The case studies detailed some of the threats we previously blogged about, including:
- CloudSquirrel Malware
- ShortJSRAT
- Xbooster parasitic miner
- Virlock – Malware Fanout
- Stepping Stone Attack – Eternal Blue
- CloudPhishing Fanout
- Pradot CRM Attack
- Hackshit – Phishing as a Service
Overall, the talk attracted a near full house audience of more than 250 attendees who joined to learn why attackers are moving to the cloud, how they are leveraging the cloud, and what we can do to harden our security and protect against cloud-enabled threats.
The slide deck of our presentation can be downloaded here.
