Software Engineering Institute

It is well established that with an increase in cloud resource availability, individuals and enterprises are empowered to create and host more content than ever. This talk highlights how attackers continue to abuse pre-existing cloud services by delivering malware, conducting phishing and extorting victims at every stage of the kill chain. The presenters will examine the role of the cloud in various recent attacks, how attackers are leveraging cloud infrastructure to conduct these attacks and identify various popular misused services. From team productivity apps for facilitating trade and collaboration to social media to organize command and control routines to unexpected document hosting, the underpinnings of modern malware operations are increasingly bright and efficient. This talk will attempt to narrow the areas of focus for students, researchers and professionals when understanding the breadth of cloud attacks. Participants will leave with outcomes of the findings of these services used by attackers that correlate to popular attacks or proof of concepts in which they were used, along with resources to learn more about cloud security.

Attendees Will Learn:

• How attackers deliver malware, conduct phishing and extortion attacks, by leveraging pre-existing cloud services, and why they continue to abuse these services.
• How existing data can give insight into how attackers are leveraging cloud infrastructure to conduct these attacks and identify various popular misused services.
• The outcomes of the findings of these services used by attackers that correlate to popular attacks or proof of concepts in which they were used, along with resources to learn more about cloud security.

Remi Cohen is a Senior Threat Intelligence Engineer with F5, serving as a technical lead for enterprise Threat Intelligence and Investigations. Prior to F5 she worked for a large national laboratory leading penetration tests and vulnerability assessments. She also conducted research on current threats as well as an civilian analyst for the US Department of Defense. Her specialty areas of research include mobile vulnerabilities, Industrial Control Systems, and Eastern European threats. She is certified as (ISC)2 CISSP, COMPTIA Security+, GIAC GREM, and ECCouncil C|EH. She holds a Master’s degree from New Mexico State University in Industrial Engineering as well as Bachelor’s degrees in Computer Science and Government from Georgetown University.

Kim Huynh supports Microsoft's Threat Intelligence team within security research as a Security Program Manager. Prior to that, she worked in healthcare as a Cybersecurity Engineer focusing on threat intelligence and response. Kim's prior research was dedicated to the adoption of a new marine protocol OneNet, developed for the National Marine Electronics Association (NMEA) to enhance technology and safety of marine electronics. Prior to that Kim worked with the Public Infrastructure Security Collaboration and Exchange System (PISCES) Project to analyze real-time network traffic of Washington state government entities. She holds a B.Sci. in Computer and Information Systems Security and her A.A.S.T. in Cybersecurity CAE2Y accredited by NSA and DHS. Kim is a SANS Women's Academy Scholar. GSEC and GCIH certified.