BSidesVienna 0x7e8

Attackers Aren't Breaking In, They're Logging In: Cloud Security Asymmetry
11-23, 11:35–12:00 (Europe/Vienna), Track 1 (Dachssal)

In today's digital landscape, adversaries have shifted their focus to the cloud, finding it easier to attack and compromise than traditional on-premises systems. This talk explores the asymmetry in cloud security, where attackers find the cloud environment more accessible and easier to exploit, while defenders struggle to keep up. We will delve into the reasons behind this imbalance, including the global accessibility of cloud services, the critical role of identity as the new perimeter, and the low barrier to entry for attackers needing only a single set of credentials. Additionally, we'll discuss the lack of visibility in cloud environments compared to the well-established practices in on-premises setups, and how the diverse configurations and logging systems of various cloud providers add to the complexity. Finally, we will address the unique skill set required for incident response in the cloud and the industry's current readiness. Attendees will gain a comprehensive understanding of these challenges and learn practical strategies to enhance their cloud defense capabilities.


Adversaries are not “breaking in”; they are “logging in”. They are innovating, adapting their techniques to exploit the unique opportunities and vulnerabilities presented by cloud environments.
This talk dives deep into the minds and methods of attackers as they navigate the shift from traditional on-premises environments to the vast, dynamic expanse of the cloud.
This talk will uncover the nuanced strategies, sophisticated tools, and evolving targets of these adversaries, emphasizing their opportunistic adaptation to cloud-specific security gaps. Attendees will gain insights into the latest attack vectors that are uniquely effective in cloud environments, from exploiting misconfigurations and weak identity and access management policies to leveraging insecure APIs and manipulating cloud-native features. We will explore how attackers perceive the cloud as a fertile ground for exploitation, adapting their mindset to the cloud’s architectural complexities and the inherent challenges it poses to traditional security paradigms. Highlighting a pivotal shift, this presentation will reveal that attackers have fundamentally changed their techniques, moving away from the approaches we've known so far, necessitating that defenders undergo a similar transformation to effectively counteract these advanced threats. By highlighting real-world case studies and dissecting successful cloud breaches, this presentation aims to provide a comprehensive understanding of the attacker's perspective, revealing how their approaches shift in response to cloud adoption. Attendees will leave with a profound understanding of the critical need for cloud-native security strategies and the knowledge to anticipate, identify, and defend against the sophisticated tactics employed by adversaries in the cloud. This talk is designed to arm cybersecurity professionals with the insights needed to fortify their cloud environments against the ever-evolving threat landscape, ensuring a proactive and resilient defense posture in the face of cloud-centric attacks.

Roei Sherman is the Field CTO at Mitiga, a leading Cloud Incident Response company, where he leverages his extensive expertise in cybersecurity to drive innovation and guide strategic initiatives. With over a decade of experience in adversarial cybersecurity roles, Roei specializes in Red Team operations, utilizing an adversarial mindset and guerrilla tactics to enhance defensive strategies across various security engagements, including training, lectures, and consulting.
Roei's career began in the Field Intelligence unit of the IDF, where he continues to serve in the Reserves. He has held significant positions at AB InBev as Global Director of Offensive Services and as an information security consultant and Red Team leader for EY Israel. His technical acumen encompasses red team engagements, cloud security, social engineering, physical security, deception, and incident response.
Roei is known for his ability to think like an attacker, providing invaluable insights and strategies for robust cybersecurity defenses. His contributions to the field have made him a sought-after speaker and consultant, helping organizations strengthen their security posture against evolving threats.