How LUCR-3 (Scattered Spider) Orchestrates Identity-Based Attacks Across Environments

Advanced threat actors are compromising the identity infrastructure of some of the largest organizations in the world with ease. Upon gaining access to the identity provider, they are able to move laterally into Iaas, PaaS, and SaaS environments and steal data - all in the course of 2-3 days. Join Ian Ahl, SVP of P0 labs and former Head of Advanced Practices at Mandiant, as he shares knowledge stemming from responding to hundreds of breaches in his career. Ian will walk through how advanced threat groups target human and non-human identities for compromise, how they maintain persistence in environments, and provide some tips for detecting suspicious and malicious activity in identity providers, cloud service provides, and SaaS applications. He’ll also provide actionable steps security teams can take to prevent breaches or know about them as quickly as possible. Attendees Will Learn: – How advanced threat groups target human and non-human identities for compromise – Tips for detecting suspicious and malicious activity in identity providers, cloud service provides, and SaaS applications – Actionable steps security teams can take to prevent breaches or know about them as quickly as possible