So much emphasis is placed on cyberattacks that occur logically on-premises. And yet, with the number one threat action being the use of compromised credentials in data breaches, it takes a little more than a convincing phishing email for threat actors to trick users out of an ID/password combination to a web application that can serve as the launch point for lateral movement across other applications in the cloud.
Threat actors have demonstrated numerous times that even barriers like multi-factor authentication can be bypassed, making the compromising of an account not only possible, but probable, even with MFA in place. Once compromised, lateral movement in the cloud can be as simple as leveraging a single account that is afforded access via single sign-on solutions, or through a solid understanding of how secrets, webhooks, and integrations work in the cloud to “move laterally” across applications.
So, how can you detect cloud-based lateral movement, and what does a proper response look like?
In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, and will first discuss:
- The nature and state of web-based attacks
- The value in SaaS-app security measures
- How Social Engineering plays a pivotal role in attacks
- What MITRE has to say about lateral movement in the cloud
Nick will then be joined by Ryan O’Boyle, Senior Manager, Cloud Architecture & Operations from Varonis who will first demonstrate a cloud-based attack that includes lateral movement across 4 separate web services, including:
- Phishing a Gmail account to gain access to GitHub
- Identifying secrets that can be leveraged to provide access to Slack
- Social Engineering a slack user to gain access to Salesforce
Ryan will also show the kind of alerting detail that is possible to identify suspicious/abnormal access to web applications and what kind of logging strategy you should use to ensure maximum visibility.
This real training for free event will be jam packed with technical detail and real-world application. Register today!