Serverless Infections - Malware Just Found a New Home

Explore the security implications of serverless computing in this AppSecUSA 2018 conference talk. Discover how malware can infiltrate serverless environments as Erez Yalon presents the first-ever Remote Code Execution (RCE) attack in a serverless setting. Learn about the architecture and advantages of serverless computing, understand the associated security challenges, and witness a live demonstration of data infiltration, infection, and exfiltration. Gain insights into self-duplicating attacks that persist within the code and observe their execution across various serverless platforms. Delve into topics such as code injection, AWS SDK exploitation, Lambda security parameters, and Virtual Private Cloud considerations. Walk away with best practices and tips for maintaining security in serverless environments, equipping yourself to address critical questions organizations face when transitioning to this technology.