Shira Shamban @shambanIT - ShareIT

Post on 13-Jun-2020



@shambanIT

Everyone is hackable
How long will it take you to notice?

Shira Shamban @shambanIT

https://www.researchgate.net/figure/Traditional-Data-Center-Network-Architecture_fig2_260671144


Prevention doesn’t work anymore!


Cloud created for us a new perimeter
And so many new buzzwords


The shared responsibility model

https://aws.amazon.com/compliance/shared-responsibility-model/


IAM (identity and access management)

Service to manage users and permissions.

Lets people, machines and 3rd parties do stuff...


Different storage services

S3, RDS, EBS, AMI, ElasticSearch


Compute power

Denial of wallet, proxy attacks, cryptomining


Capital One hack

What do we know?

The damage:

● PII of more than 100M people
● About 30 other victims
● Crypto-mining too...


Scanner (?) → SSRF → Meta-Data service → Get token → List and sync S3 → Install miners (?)
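The "Get token → List and sync S3" step only works if the role behind the stolen token is allowed to list and read every bucket. An added example (not from the talk) that lints a policy document for that shape: an over-broad grant next to a least-privilege version of the same role, with a check that reports sensitive S3 actions allowed on the unrestricted resource. The policies, bucket name and role are constructed for the example.

```python
"""Check an IAM policy for over-broad S3 grants.

Added example, not from the talk. Both policies below are constructed: the
first is the kind of grant that turns a stolen instance-role token into
"list and sync S3"; the second scopes the same role to one bucket and one
read-only action. The bucket name is hypothetical.
"""
import fnmatch

# Constructed: over-broad grant, every S3 action on every bucket.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}

# Constructed: least-privilege version, one action on one hypothetical bucket.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::example-app-assets/*",
        },
    ],
}

# The S3 actions needed to enumerate buckets and copy their contents.
SENSITIVE_ACTIONS = ("s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetObject")


def _as_list(value):
    """IAM lets Action/Resource/Statement be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def overbroad_grants(policy, sensitive=SENSITIVE_ACTIONS):
    """Return (action, resource) pairs for every Allow statement that grants
    a sensitive S3 action on the unrestricted resource "*".

    IAM action names are matched case-insensitively and may contain '*'
    wildcards (e.g. "s3:*", "s3:Get*"), hence fnmatch. Deny statements,
    NotAction/NotResource and Condition blocks are not modelled: this is a
    first-pass linter for the obvious "s3:* on *" shape, not a full policy
    evaluator.
    """
    findings = []
    for statement in _as_list(policy.get("Statement")):
        if statement.get("Effect") != "Allow":
            continue
        patterns = [p.lower() for p in _as_list(statement.get("Action"))]
        resources = _as_list(statement.get("Resource"))
        for action in sensitive:
            if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                continue
            for resource in resources:
                if resource == "*":
                    findings.append((action, resource))
    return findings


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, overbroad_grants(policy))
```

The check deliberately stays small: it catches the grant that makes a leaked instance credential dangerous, and says nothing about a policy that is scoped to a bucket but still wider than the workload needs; that judgement needs the role's actual job, which is the "know your roles" part.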


Could this have been prevented?

● Know your roles
● Least privilege principle
● Monitor who’s running commands, and where from
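"Monitor who's running commands, and where from" is a concrete detection once it is written down. An added example (not from the talk) that runs that check over constructed CloudTrail-style records: a role attached to an EC2 instance is expected to be used only from the instance's own egress network, so the same role calling S3 from anywhere else, or listing buckets at all, raises an alert. The account id, role name, session id and addresses are placeholders constructed for the example.

```python
"""Flag instance-role credentials used from outside the instance.

Added example, not from the talk. The log records are constructed in the
shape of CloudTrail events (only the fields the check reads); the account
id, role name and addresses are hypothetical. The assumption is that a role
attached to an EC2 instance is only ever used from that instance's own
egress address, so the same role seen calling S3 from anywhere else is what
"get token -> list and sync S3" looks like in the logs.
"""
import ipaddress
import json

# Constructed: expected egress networks per instance role (e.g. the VPC's
# NAT gateway). Role ARN and account id are placeholders.
EXPECTED_SOURCES = {
    "arn:aws:sts::123456789012:assumed-role/web-instance-role": ["203.0.113.0/24"],
}

# S3 calls an instance role rarely needs; every use is worth an alert.
ENUMERATION_ACTIONS = {"ListBuckets", "ListObjects", "ListObjectsV2"}

# Constructed session ARN for the monitored role.
ROLE_SESSION_ARN = "arn:aws:sts::123456789012:assumed-role/web-instance-role/i-0abc123"

# Constructed CloudTrail-style events, one JSON document per line.
SAMPLE_EVENTS = "\n".join(json.dumps(e) for e in [
    {"eventTime": "2020-06-13T10:00:01Z", "eventName": "GetObject",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_SESSION_ARN}},
    {"eventTime": "2020-06-13T10:05:44Z", "eventName": "ListBuckets",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_SESSION_ARN}},
    {"eventTime": "2020-06-13T10:06:02Z", "eventName": "GetObject",
     "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE_SESSION_ARN}},
    {"eventTime": "2020-06-13T10:07:30Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/alice"}},
])


def role_of(session_arn):
    """'.../assumed-role/<role>/<session>' -> '.../assumed-role/<role>'."""
    return session_arn.rsplit("/", 1)[0]


def analyse(events_text, expected=EXPECTED_SOURCES):
    """Return (eventTime, reason, sourceIPAddress, eventName) alerts for
    monitored roles used from an unexpected network or used to enumerate
    buckets."""
    alerts = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        identity = event.get("userIdentity", {})
        if identity.get("type") != "AssumedRole":
            continue
        role = role_of(identity.get("arn", ""))
        if role not in expected:
            continue
        source = event.get("sourceIPAddress", "")
        name = event.get("eventName", "")
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            # CloudTrail puts a service name (e.g. "ec2.amazonaws.com") here
            # when another AWS service made the call on the role's behalf;
            # there is no network origin to compare against.
            addr = None
        if addr is not None and not any(
            addr in ipaddress.ip_network(net) for net in expected[role]
        ):
            alerts.append((event["eventTime"], "unexpected source", source, name))
        if name in ENUMERATION_ACTIONS:
            alerts.append((event["eventTime"], "bucket enumeration", source, name))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_EVENTS):
        print(*alert)
```

Two practical caveats: ListBuckets is a management event and is always in the trail, but GetObject is an S3 data event and only appears when data-event logging is enabled for the bucket, so without it the "sync" half of the chain is invisible. And the allowlist has to be maintained per role, which is exactly the "know your roles" inventory the slide asks for.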


Thank you!
Shira Shamban
