Cloud Kleptos: Lessons Learned Responding to Scattered Spider - SANS DFIR Summit 2024

Explore a 29-minute conference talk from the SANS DFIR Summit 2024 that delves into the rising threat of cloud-focused attacks, particularly those carried out by the LUCR-3 (Scattered Spider) threat actor group. Learn about their sophisticated tactics, including MFA evasion through push fatigue attacks and SIM swapping, as well as their methodical approach to targeting specific industry verticals. Gain insights into LUCR-3's effective traversal of technology boundaries across IaaS, SaaS, and PaaS environments, and their strategy of infiltrating internal communications and knowledge-sharing platforms. Discover the group's notable TTPs, with a specific focus on those targeting SaaS and IaaS layers, from both offensive and defensive perspectives. Understand how Permiso's P0 Labs team has tracked and responded to LUCR-3 over the past 1.5 years, including their involvement in high-profile breaches like MGM and Caesars in late 2023. Equip yourself with valuable knowledge to enhance your organization's cloud security posture against persistent and focused threat actors.