"Cloud-First" Ransomware - A Technical Analysis

Presented by

Bob Gilbert and Sean Hittel of Netskope

About this talk

Cloud services have emerged as the preferred attack vector of some of the most dangerous and innovative cloud malware exploits of the past six months. Why? Because many organizations don't inspect their cloud SSL traffic for malware, and the same functionalities of the cloud that dramatically increase productivity (sync, share, collaborate, etc.) also provide ransomware developers with a perfect medium for faster delivery of malware payloads to more targets.

Join Netskope chief evangelist, Bob Gilbert, and Threat Detection Engineer, Sean Hittel, for a fascinating look at how malicious actors now design ransomware to make best use of popular cloud services to hide in plain sight and do more damage in less time.

Bob and Sean will provide technical analyses of recent malware campaigns discovered or documented by Netskope Threat Research Labs and how to defend against them. These include:

• Virlock, which encrypts files and also infects them, making it a polymorphic file infector
• CloudFanta, which uses the SugarSync cloud storage app to deliver malware capable of stealing user credentials and monitoring online banking activities
• CloudSquirrel, which takes advantage of multiple cloud apps throughout the ransomware kill chain with the intent to steal and exfiltrate user data
• The Zepto variant of Locky ransomware, now distributed both by popular cloud storage apps and via DLL

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and the latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa