
Elevate Your Game with CrowdStrike and Bring AI Innovation to Your Cloud Detection and Response.pptx.pdf

Document ID: 162730 | PDF | 26 pages | 5.55 MB

2024 CrowdStrike, Inc. All rights reserved.

Cristian Rodriguez, Field CTO, Americas, CrowdStrike
Elevate Your Game with CrowdStrike and Bring AI Innovation to Your Cloud Detection and Response
22-AU-006 Adversary Universe World Tour_v1

CRISTIAN RODRIGUEZ, FIELD CTO | AMERICAS
- 20+ years in cyber
- CrowdStrike: 10 years
- MSSP
- Global enterprise
- Public sector
- Healthcare

CLOUD THREAT LANDSCAPE
Cloud attacks are leveraging:
- Compromised identities / theft of valid credentials
- Credential reset
- MFA bypass
- Abuse of public-facing applications
- Exploitation of misconfigurations
To achieve access to cloud resources:
- Access to data: for data extortion or destruction, IP theft, espionage
- Access to compute resources: for resource hijacking, crypto-mining operations
- Access to other targets: for moving laterally, maintaining stealth, identifying resources (including access to other organizations)

- Adversaries are learning cloud to better monetize their access.
- Opportunistic: resource hijacking for crypto.
- They are exploring new TTPs to achieve their objectives.
- We can learn the most from what has already happened in IR.

"If you think your cloud security is a disaster today, just wait until you have to do Incident Response." - Sun Tzu (probably)

CLOUD-AGNOSTIC ACTOR
- Treats a cloud workload simply as another computer.
- Playbooks are primarily ransomware focused on the host and network layer.

CLOUD-CONSCIOUS ACTOR
- Understands the relationship between the CSP's control plane, services, and workload.
- Actively attempts to abuse the services of the Cloud Service Provider while having the victim pay for it.

SSRF IN THE CLOUD (IMDS)
1. Attacker exploits SSRF, tricking the EC2 instance into requesting credentials from IMDS.
2. IMDS returns credentials.
3. EC2 instance forwards credentials to attacker.
SSRF is repeatedly observed as an initial access vector: in 2022, exploiting public-facing applications was almost as common as having valid credentials for initial access.
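The SSRF-to-IMDS chain above, seen from the defender's side, as an added example that is not part of the CrowdStrike deck. It implements the two controls a cloud team would check first: whether EC2 instances still answer IMDSv1 requests (the `MetadataOptions.HttpTokens`, `HttpEndpoint` and `HttpPutResponseHopLimit` field names are the real ones from the EC2 DescribeInstances response; the instance records are constructed), and whether a public web application's access log shows request parameters pointing at the AWS metadata address 169.254.169.254 (the log lines, IPs and `/fetch?url=` endpoint are constructed for the example).

```python
"""Defensive checks for the SSRF -> IMDS credential-theft chain.

Added example, not from the CrowdStrike deck:
  1. audit_imds_options(): flag EC2 instances whose metadata options still
     allow IMDSv1 (HttpTokens != "required"); that is the configuration in
     which a plain GET from a vulnerable web app can fetch role credentials.
  2. find_imds_ssrf_requests(): scan web-server access-log lines for request
     parameters that resolve to the IMDS link-local address.
All instance records and log lines below are constructed.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

IMDS_HOST = "169.254.169.254"  # AWS instance metadata service address (real)

# Constructed subset of an EC2 DescribeInstances response; field names are real.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0example1",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0example2",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0example3",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 3}},
    {"InstanceId": "i-0example4",
     "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
]


def audit_imds_options(instances):
    """Return {instance_id: [findings]} for instances where SSRF could reach IMDS."""
    findings = {}
    for inst in instances:
        opts = inst.get("MetadataOptions", {})
        if opts.get("HttpEndpoint") == "disabled":
            continue  # IMDS is off entirely; nothing for an SSRF to reach
        issues = []
        if opts.get("HttpTokens") != "required":
            issues.append("IMDSv1 allowed (HttpTokens != required)")
        if opts.get("HttpPutResponseHopLimit", 1) > 1:
            issues.append("hop limit > 1: IMDSv2 token responses may be forwarded beyond the instance (informational)")
        if issues:
            findings[inst["InstanceId"]] = issues
    return findings


# Constructed access-log lines (Apache combined format); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges.
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [10/Mar/2024:10:01:02 +0000] "GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [10/Mar/2024:10:01:03 +0000] "GET /fetch?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2024:10:02:00 +0000] "GET /fetch?url=https://example.org/feed.xml HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_imds_ssrf_requests(log_text):
    """Return request records whose query parameters contain the IMDS address."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        # parse_qsl decodes one level of percent-encoding; unquote handles one more
        for _, value in parse_qsl(query, keep_blank_values=True):
            decoded = unquote(value)
            if IMDS_HOST in decoded:
                hits.append({"src": m.group("src"), "ts": m.group("ts"),
                             "param_value": decoded, "status": int(m.group("status"))})
                break
    return hits


if __name__ == "__main__":
    print(audit_imds_options(SAMPLE_INSTANCES))
    for hit in find_imds_ssrf_requests(SAMPLE_ACCESS_LOG):
        print(hit)
```

The audit treats `HttpTokens: optional` as the finding that matters, since IMDSv2 (a session token obtained via PUT) is what stops the simple GET-based credential fetch the slide describes; the hop-limit line is informational only. The log check matches the literal dotted address after percent-decoding, so a production rule should normalise other representations of the same address and run against the application's own outbound-request logs as well.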

SCATTERED SPIDER CLOUD TTPs
- Data staging for exfiltration
- Deployment of cloud virtual machines
- Cloud-native persistence mechanisms
- Discovery of connections between cloud environment and on-premises

ATTACK CASE: SSRF EXPLOITATION LEADS TO DATA EXFIL & RANSOM
- Day 1, Exploit: SSRF CVE-2021-40438 in Apache web server running in AWS
- Day 1, Discovery: S3, AWS Secrets Management, database, instances
- Day 1, Exfiltration: exfiltrated S3 data
- Unknown: ransom note delivered
- 90 days: data leaked on underground forum

ATTACK CASE: SCATTERED SPIDER'S LATERAL MOVEMENT BETWEEN CLOUD AND ON-PREMISE
Source: CSA-230990 SCATTERED SPIDER Moves Laterally Between and Within Cloud Environments and from Cloud to On-Premise; Establishes Persistence via Additional Cloud Credentials and EC2 Instances; Escalates Privileges via User Policy. CSA-230967 SCATTERED SPIDER Evades Cloud Security Measures; Deactivates CloudTrail and GuardDuty.
1. Smishing message
2. Logs into Microsoft MyApps
3. Added MFA to compromised Entra ID users
4. Accesses SharePoint
5. Found VPN setup documentation
6. Logs into VPN
7. Moves laterally to on-prem VMs

CASE 3: SCATTERED SPIDER'S LATERAL MOVEMENT BETWEEN CLOUD AND ON-PREMISE (continued)
Source: CSA-230990 and CSA-230967, as above.
1. Smishing message
2. Logs into Microsoft MyApps
3. Added MFA to compromised Entra ID users
4. Logs into MyApps with 2nd Entra ID identity
5. Accesses SharePoint
6. Found VPN setup documentation
7. Logs into VPN
8. Moves laterally to on-prem VMs
9. Lateral movement to AWS
10. Created new public EC2 instance
11. Add backdoor access key and change login credentials
12. Attach instance profile, escalating privileges
13. Lateral movement to instance
14. Disabled cloud security tools

ADVERSARIES CONTINUE TO DEVELOP CLOUD-CONSCIOUSNESS
- 75% increase in cloud exploitation in 2023
- 110% increase in cloud-conscious threat actors
- 84% of adversary-attributed cloud-conscious intrusions were focused on eCrime
Source: CrowdStrike 2024 Global Threat Report

HOW DOES AI FIT IN: PAIN
- Effective email phishing attacks
- Deep fakes | video & voice
- Autonomous vulnerability exploitation
- Recursive attack cycle enforcement
What would the AI-augmented SOC look like? Traditional SOC vs. AI-augmented SOC.

HOW DOES AI FIT IN: GAIN
- Investigation assistance
- Intelligence summarization
- Query translation
- Documentation and executive reporting
- Training and onboarding

HOW DOES AI FIT IN: CHARLOTTE AI
User: "What is my exposure to vulnerabilities used by threat actors who target my industry?"
Charlotte AI: "Your exposure to vulnerabilities used by threat actors who target the industry technology is represented by 85 unique vulnerabilities. The majority of these vulnerabilities are rated as critical, with a count of 3031, while only two are rated as high. Some key findings included."
- 19s query time
- 8 API calls
- 30 min comparable analyst time for the same query

A DATA-CENTRIC PLATFORM APPROACH
- Data-centric, AI-native platform
- Security and IT automation
- Threat intel
- 1st- and 3rd-party data
- Generative, cloud and sensor AI
Thank you.

CROWDSTRIKE'S FALCON XDR PLATFORM STOPS BREACHES

SCATTERED SPIDER TTPs
- Targeted social engineering
- Bypasses MFA via vishing, MFA notification fatigue, and likely SIM swapping
- Access to victims is primarily used for lateral movement to companies that are customers of the victim
- Changed monetization strategy in January 2023: first allegedly exfiltrating data for ransom, now BGH using the ransomware AlphV
- Novel cloud TTPs
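The AWS portion of the Scattered Spider case (new EC2 instance, backdoor access key and changed login credentials, instance-profile privilege escalation, disabled CloudTrail and GuardDuty) is visible in CloudTrail, and the detection value comes from correlating those steps per principal rather than alerting on each one. The following is an added example, not CrowdStrike's or the deck's own logic: the `eventName` values are real CloudTrail event names for the IAM, EC2, CloudTrail and GuardDuty APIs, while the records, the principal names, the IPs and the account id 123456789012 (AWS's documentation example) are constructed.

```python
"""Correlate CloudTrail events against the Scattered Spider AWS stages in the deck.

Added example. Real CloudTrail eventName values are mapped to the stages the
slides describe, events are grouped per IAM principal within a time window,
and any principal that touched two or more distinct stages is reported.
All records below are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

STAGE_BY_EVENT = {
    "RunInstances": "new_instance",                         # Created new public EC2 instance
    "CreateAccessKey": "backdoor_credentials",              # Add backdoor access key
    "CreateLoginProfile": "backdoor_credentials",           # ... and change login credentials
    "UpdateLoginProfile": "backdoor_credentials",
    "AssociateIamInstanceProfile": "privilege_escalation",  # Attach instance profile
    "AttachUserPolicy": "privilege_escalation",             # Escalates privileges via user policy
    "StopLogging": "disable_security_tools",                # Deactivates CloudTrail
    "DeleteTrail": "disable_security_tools",
    "DeleteDetector": "disable_security_tools",             # Deactivates GuardDuty
    "UpdateDetector": "disable_security_tools",             # only when requestParameters.enable is false
}

# Constructed newline-delimited CloudTrail records.
SAMPLE_CLOUDTRAIL = """\
{"eventTime":"2024-03-10T08:00:00Z","eventSource":"guardduty.amazonaws.com","eventName":"UpdateDetector","userIdentity":{"arn":"arn:aws:iam::123456789012:user/sec-admin"},"sourceIPAddress":"198.51.100.20","requestParameters":{"detectorId":"12abc","enable":true}}
{"eventTime":"2024-03-10T09:00:00Z","eventSource":"ec2.amazonaws.com","eventName":"RunInstances","userIdentity":{"arn":"arn:aws:iam::123456789012:user/deploy-bot"},"sourceIPAddress":"198.51.100.21","requestParameters":{}}
{"eventTime":"2024-03-10T11:00:00Z","eventSource":"ec2.amazonaws.com","eventName":"RunInstances","userIdentity":{"arn":"arn:aws:iam::123456789012:user/victim-user"},"sourceIPAddress":"203.0.113.5","requestParameters":{}}
{"eventTime":"2024-03-10T11:02:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"arn":"arn:aws:iam::123456789012:user/victim-user"},"sourceIPAddress":"203.0.113.5","requestParameters":{"userName":"victim-user"}}
{"eventTime":"2024-03-10T11:03:00Z","eventSource":"iam.amazonaws.com","eventName":"UpdateLoginProfile","userIdentity":{"arn":"arn:aws:iam::123456789012:user/victim-user"},"sourceIPAddress":"203.0.113.5","requestParameters":{"userName":"victim-user"}}
{"eventTime":"2024-03-10T11:10:00Z","eventSource":"ec2.amazonaws.com","eventName":"AssociateIamInstanceProfile","userIdentity":{"arn":"arn:aws:iam::123456789012:user/victim-user"},"sourceIPAddress":"203.0.113.5","requestParameters":{}}
{"eventTime":"2024-03-10T11:15:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"arn":"arn:aws:iam::123456789012:user/victim-user"},"sourceIPAddress":"203.0.113.5","requestParameters":{"name":"main-trail"}}
{"eventTime":"2024-03-10T11:16:00Z","eventSource":"guardduty.amazonaws.com","eventName":"UpdateDetector","userIdentity":{"arn":"arn:aws:iam::123456789012:user/victim-user"},"sourceIPAddress":"203.0.113.5","requestParameters":{"detectorId":"12abc","enable":false}}
"""


def stage_of(record):
    """Return the stage a record belongs to, or None if it is not of interest."""
    name = record.get("eventName")
    if name == "UpdateDetector" and record.get("requestParameters", {}).get("enable", True):
        return None  # enabling or reconfiguring GuardDuty is not a disable action
    return STAGE_BY_EVENT.get(name)


def parse_records(ndjson):
    """Parse newline-delimited CloudTrail JSON and attach a UTC datetime as _ts."""
    out = []
    for line in ndjson.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["_ts"] = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            out.append(rec)
    return out


def correlate(records, window=timedelta(hours=2), min_stages=2):
    """Return {principal_arn: summary} for principals hitting >= min_stages stages within window."""
    by_principal = defaultdict(list)
    for rec in records:
        stage = stage_of(rec)
        if stage:
            by_principal[rec["userIdentity"]["arn"]].append(
                (rec["_ts"], stage, rec["eventName"], rec["sourceIPAddress"]))
    alerts = {}
    for arn, events in by_principal.items():
        events.sort()
        best = None
        for i, (start, _, _, _) in enumerate(events):
            cluster = [e for e in events[i:] if e[0] - start <= window]  # sliding window from each event
            stages = {e[1] for e in cluster}
            if len(stages) >= min_stages and (best is None or len(stages) > len(best["stages"])):
                best = {"stages": sorted(stages),
                        "first_seen": cluster[0][0].isoformat(),
                        "last_seen": cluster[-1][0].isoformat(),
                        "events": [e[2] for e in cluster],
                        "source_ips": sorted({e[3] for e in cluster})}
        if best:
            alerts[arn] = best
    return alerts


if __name__ == "__main__":
    for arn, summary in correlate(parse_records(SAMPLE_CLOUDTRAIL)).items():
        print(arn, json.dumps(summary, indent=2))
```

Grouping by `userIdentity.arn` is the simplest key; in a real deployment the same logic should also be keyed on `userIdentity.accessKeyId`, because the backdoor key created in the middle of the sequence will show up as a second identity for the same user, and the `StopLogging` event will only ever be seen if the trail that records management events is one the actor could not stop (an organization trail, or one the account's users lack permission to touch).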
