Gem Security, the cloud detection and response (CDR) company, today announced that it is sponsoring a live SANS webinar to help security operations and incident response teams understand how to rapidly detect, investigate, and contain multi-cloud attacks.
The webinar will describe a real-world example of how adversaries target multi-cloud infrastructures to disrupt operations, exfiltrate sensitive data, and steal funds. To accomplish this while evading detection, they often adapt traditional Living-off-the-Land (LOTL) tactics to the specific API-driven characteristics of the cloud.
How? Instead of leveraging native Windows tools like PowerShell and WMI to escalate privileges and move laterally across corporate networks, they’re now compromising native cloud platforms (AWS, Azure, GCP) and identity provider platforms (Okta, Azure AD, Google Workspace) to gain admin privileges and move laterally from one cloud environment to another.
Most cloud platforms do not natively detect these types of activities. This approach also enables attackers to reuse the same playbooks over and over, across different organizations, because most organizations using the same cloud providers have similarly managed architectures.
In this educational webinar, we’ll:
- Dissect a real-world Living-Off-The-Cloud (LOTC) attack that traversed multiple cloud provider platforms and enabled the attackers to disrupt and demand a ransom payment from the victim organization.
- Discuss how the attack could have been detected, investigated, and contained at each phase of the kill chain.
- Provide practical and actionable lessons to strengthen cloud detection and response capabilities, including how to make sure you’re collecting the right logs across the entire cloud attack surface: control plane, identity, compute, data, networking, and serverless.
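To make the detection side of this concrete, here is an added example (not code from Gem Security, SANS, or the webinar) that runs a two-stage Living-off-the-Cloud detector over a handful of constructed, CloudTrail-style events: stage one flags an admin policy being attached through a native IAM API call, stage two flags an AssumeRole into a different account by the same principal shortly afterwards, and a final check reports which of the six log surfaces named above have produced no events at all. Field names mirror AWS CloudTrail (`eventName`, `eventSource`, `userIdentity.arn`, `recipientAccountId`, `requestParameters`); the account ids, role names, the one-hour window, and the source-to-surface mapping are all assumptions made for the example.

```python
"""Added example (not Gem Security's or SANS's code): a minimal detector for the
Living-off-the-Cloud chain described above, run over constructed CloudTrail-like
records. Account ids, ARNs, the correlation window and the eventSource-to-surface
mapping are assumptions for illustration only."""
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry); eventTime uses CloudTrail's ISO-8601 form.
SAMPLE_EVENTS = [
    {"eventTime": "2024-01-10T09:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "recipientAccountId": "111111111111",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev-ci"},
     "requestParameters": {"userName": "dev-ci",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventTime": "2024-01-10T09:04:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "recipientAccountId": "222222222222",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev-ci"},
     "requestParameters": {"roleArn": "arn:aws:iam::222222222222:role/OrgAdmin"}},
    {"eventTime": "2024-01-10T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "recipientAccountId": "111111111111",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/analyst"},
     "requestParameters": {"bucketName": "reports"}},
]

# IAM calls that grant permissions, and the managed policy whose attachment we treat as escalation.
GRANT_EVENTS = {"AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy"}
ADMIN_POLICY_SUFFIX = "policy/AdministratorAccess"
WINDOW = timedelta(hours=1)  # assumed: how close stage 1 and stage 2 must be to correlate

# Assumed mapping from CloudTrail eventSource to the six surfaces named in the text.
SURFACE_BY_SOURCE = {
    "cloudtrail.amazonaws.com": "control",
    "iam.amazonaws.com": "identity", "sts.amazonaws.com": "identity",
    "ec2.amazonaws.com": "compute",
    "s3.amazonaws.com": "data", "rds.amazonaws.com": "data",
    "vpc.amazonaws.com": "networking",
    "lambda.amazonaws.com": "serverless",
}
ALL_SURFACES = ["compute", "control", "data", "identity", "networking", "serverless"]


def _ts(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _caller_account(event):
    # ARN layout: arn:partition:service:region:account-id:resource
    return event["userIdentity"]["arn"].split(":")[4]


def find_admin_grants(events):
    """Stage 1: privilege escalation through a native IAM API call."""
    return [e for e in events
            if e["eventName"] in GRANT_EVENTS
            and e.get("requestParameters", {}).get("policyArn", "").endswith(ADMIN_POLICY_SUFFIX)]


def find_cross_account_assume(events):
    """Stage 2: lateral movement, an AssumeRole whose target account differs from the caller's."""
    return [e for e in events
            if e["eventName"] == "AssumeRole"
            and _caller_account(e) != e["recipientAccountId"]]


def correlate(events, window=WINDOW):
    """Chain stage 1 and stage 2 for the same principal within `window`; one alert per pair."""
    alerts = []
    for grant in find_admin_grants(events):
        for hop in find_cross_account_assume(events):
            same_principal = grant["userIdentity"]["arn"] == hop["userIdentity"]["arn"]
            if same_principal and timedelta(0) <= _ts(hop) - _ts(grant) <= window:
                alerts.append({"principal": grant["userIdentity"]["arn"],
                               "grant_event": grant["eventName"],
                               "from_account": grant["recipientAccountId"],
                               "to_account": hop["recipientAccountId"]})
    return alerts


def coverage_gaps(events):
    """Surfaces from the text that have produced no events: a crude log-collection sanity check."""
    seen = {SURFACE_BY_SOURCE.get(e["eventSource"]) for e in events}
    return [s for s in ALL_SURFACES if s not in seen]


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print("LOTC chain:", alert)
    print("surfaces with no log events:", coverage_gaps(SAMPLE_EVENTS))
```

On the sample data the detector raises a single alert (admin grant in account 111111111111, then an AssumeRole into 222222222222 four minutes later by the same user) and reports that the control, compute, networking and serverless surfaces have no events at all, which is exactly the kind of collection gap that would let later stages of the attack go unseen. In a real deployment the mapping and the grant/assume predicates would be extended with the identity-provider logs (Okta, Azure AD, Google Workspace) mentioned above rather than CloudTrail alone.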