Cloud Imposter: Using SSO to Stage a SaaS Invasion

Logo
Presented by

Tyler Miller, Cloud Security Architect, Varonis

About this talk

Cyber Attack Workshop: Watch our attacker perform a sneaky spear-phishing attack to take over an admin’s account and impersonate high-profile users with a built-in SSO feature. Our imposter will steal hundreds of sensitive HR docs from the company’s Google Workspace, create hidden backdoor links, and jump over to Box to exfiltrate customer contracts. How the attack works: - Pre-attack recon to figure out who will be an easy target - Bypass MFA using an advanced phishing technique - Export the org’s Google Workspace user list - Impersonate the VP of HR, access her Google Workspace, and steal employee data - Create hidden sharing links to external Gmail accounts as a backdoor - Take over a Box super admin account -Exfiltrate data using a custom public sharing URL After the simulation, we will show you how proactive policies and cross-cloud investigation features can detect and prevent this type of attack.
Related topics:

More from this channel

Upcoming talks (8)
On-demand talks (952)
Subscribers (72500)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa