Anna Belak, Sysdig | Black Hat USA 2023

August 17, 2023

The Sysdig Threat Research Team recently published a cloud threat report which proved what we all know – attacks in the cloud happen fast. But we didn’t realize how fast. From cloud automation as a weapon to software supply chain vulnerabilities, the annual report exposes shocking statistics on the evolving tactics of attackers lurking within the clouds. Is a 90% secure software supply chain secure enough to rely upon? How are threat actors leveraging automation in 2023? How many minutes does an attacker take on average to launch a targeted cloud attack after uncovering credentials? (Hint: not many) Anna Belak joins us to dig into it all.

Sysdig recently published it global cloud threat report. Some key findings:
1. It’s 10 minutes from attack to damage in the cloud
2. 10% of high-risk vulnerabilities are undetectable until they move to production – you need threat detection, prevention is not enough
3. Attackers have gotten really good at the cloud and automation has only made them better. Scarleteel 2.0 is a great example of an attack we could walk through.

Share some ❤
Guest(s): Anna Belak
Categories: Black Hat USA 2023
starts in 10 seconds