IAM Confused: Analyzing 8 Identity Breach Incidents - Maya Levine, Sysdig
Abstract
Almost every cloud breach in recent years has taken advantage of mismanaged permissions, secrets, and identities. This session will dissect 8 real cloud breaches where attackers exploited insecure identities, each scenario unveiling unique insights, intriguing facets, and advice to mitigate similar risks. Themes include: Ownership of identity posture b/w Dev, Ops, & Sec is often unclear, leading to mistakes that stem from going fast Automation tech, serverless functions, & cloud-native activities require authentication. Often this is poorly managed, e.g. leaving secrets/credentials exposed in S3 state files (Human/machine identity management) MFA abuse through social engineering still works well SaaS apps are huge attack surface, with credentials being left everywhere: repos, Github, AD, Slack We will specifically highlight something interesting in each scenario and provide a key takeaway that is more useful than “lock your stuff down.”