Securing The Cloud- Taking Back The Attacker's Mindset.pdf

《Securing The Cloud- Taking Back The Attacker's Mindset.pdf》由会员分享，可在线阅读，更多相关《Securing The Cloud- Taking Back The Attacker's Mindset.pdf（22页珍藏版）》请在三个皮匠报告上搜索。

1、PRESENTED BYSecuring The Cloud:Taking Back The Attackers MindsetChris HoskingCloud Security Evangelist31234AgendaAI Within the Cloud Security ChallengeCloud Threat LandscapeAI to Secure the CloudTaking Back the Attackers Mindset4Antoine de Saint Exupry“The machine does not isolate man from the great

2、 problems of nature but plunges him more deeply into them.”5AI within the Cloud Security challengeInternal AI opportunities:People,Processes&TechnologyAI-fueled External Challenges:Evolving Cloud Threat Landscape&Motivated Threat Actors(APTs)6Cloud Threats On The RiseIncrease in#of cloud breaches:Ta

3、rgeting business critical applications in cloud&the increasing amount of data stored in public cloudIncrease in cloud attack sophistication:Novel techniques continue to be seen,across more threat actors,and in new combinations Increase in AI&automation in cloud attacks:Chat&WormGPT,&bots including c

4、rypto-miners,scrapers,phishing,credential harvesting&stuffing7PassGan&PCFG CrackersAI&ML powered password crackersMalGanFeed-forward neural networks designed to evade ML detection enginesDeepLockerIBM POC with deep neural network capabilities&stays hidden until hitting pre-defined contextPrevious Ex

5、amples of AI-Powered Attacks8Cloud Attacks:The Knock On The DoorFileless attacks running in memory steadily risingWipers&Ransomware now have Linux variantsContainer specific attacks(container escape,mounting filesystems)CryptojackingOS&App level vulnerabilities found via automated tooling&exploited

6、via automated toolingAI-Malware polymorphism Black Mamba recent example9Cloud Attacks:DevOps Pipeline ThreatsTargeted Supply Chain campaigns are being observed for the first timeUse of non-standard languages for threat actors to hide in open-source packagesCode Repositories are being targeted for cr