
The Ransomware Deployment Life Cycle in Cloud Environments.pdf

Uploaded by: 可*** ID: 991818 2025-12-07 29 pages 2.12MB

The Ransomware Deployment Life Cycle in Cloud Environments
Arda Büyükkaya
Senior Cyber Threat Intelligence Analyst, EclecticIQ

About me
- Senior Cyber Threat Intelligence Analyst at EclecticIQ
- Delivering actionable intelligence to Fortune 500 companies and government bodies
- Background in Malware Analysis and Incident Response
- Uncovering nation-state APT operations and tracking financially motivated threat actors
Whichbuffer | Arda | ardabuyukkaya

Agenda
- Cost of Ransomware Attack
- Exploiting Low-Cost High-Impact Vulnerabilities
- From Privileged User Accounts to Cloud Access
- Prevention Strategies for Cloud Defenders
- Key Takeaways and Final Thoughts

Cost of Ransomware Attack
- 45% of all data breaches were cloud-based, and the average cost was just over $5 million
- Compromising cloud infrastructure drives up ransomware payouts:
  - broader attack surface
  - complex recovery processes
  - increased operational disruption
  making it a high-value target for RaaS affiliates
IBM Cost of a Data Breach Report 2024 [1]

Exploiting Low-Cost High-Impact Vulnerabilities
- Edge Network Devices: Since 2023, Black Basta affiliates exploited vulnerabilities in VPN/Firewall solutions
- These exploits enable access to cloud infrastructure and cloud credentials.
Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices [2]

From Privileged User Accounts to Cloud Access
High-Privileged Accounts Targeted via Phishing and Smishing:
- Phishing pages targeting Cloud Service Providers (Azure, AWS, GCP) and Single Sign-On platforms for credential theft
- Fake login portals mimic popular SaaS platforms, including:
  - Okta
  - ServiceNow
  - Zendesk
  - Twilio
  - Cloudflare
  - VMware Workspace ONE
Highly Targeted Phishing Attacks with Brand Impersonation:
- Typosquatted domains used for phishing:
  - victimname-sso
  - vic

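Based on the document, the key points of the full text are summarized below:

1. **Ransomware attacks are costly**: 45% of data breaches involved cloud infrastructure, with an average cost of more than $5 million.
2. **Exploiting low-cost, high-impact vulnerabilities**: Black Basta exploits vulnerabilities in VPN/firewall solutions to obtain access to cloud infrastructure and credentials.
3. **Privileged user accounts are targeted**: Phishing and smishing attacks against cloud service providers and single sign-on platforms are used to steal credentials.
4. **Abuse of cloud-native tools**: RaaS operators use tools such as Azure Run Command and Microsoft Intune for lateral movement.
5. **Abuse of cross-tenant synchronization**: RaaS operators abuse cross-tenant synchronization in Microsoft Entra ID for persistent access and lateral movement.
6. **AWS abuse**: AWS tenants are compromised through Okta SSO, and AWS services are used for enumeration and data collection.
7. **Defense strategies**: Implement multi-factor authentication with FIDO2 security keys, enforce Conditional Access policies, and disable unnecessary cross-tenant synchronization.
8. **Key conclusion**: Turning threat intelligence into effective defense strategies is essential; cloud applications are ideal targets for threat actors.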