BSidesAugusta 2025

Living off the (land)cloud: Scattered Spider and the cloud control plane
2025-10-25, Track 2 - Virtual World

Scattered Spider has escalated its exploits in 2025, expanding beyond telcos to target enterprises across industry verticals. After gaining initial access through social engineering, the threat group is increasingly targeting cloud workloads to elevate permissions for lateral movement. Attacks targeting the cloud control plane, focused on the IAM service, provide the attacker access to high-value assets and sensitive data. These attacks, known as Living off the Cloud attacks, avoid malware and leverage built-in cloud primitives for offensive activity.

This session focuses on identity exploits as part of the overall attack lifecycle of Scattered Spider. Through real-world attack demonstrations and analysis, the session outlines the stealthy enumeration tactics used to identify privileged identities, IAM-specific exploits to elevate permissions, and lateral movement.

The session covers the defender’s perspective, what makes detection challenging as attackers pivot across control and data planes, and provides a practitioner’s learnings on countermeasures to defend against cloud identity exploits.

Tim Crothers serves as a board advisor to Acalvio and several other startups, and is hard at work on his next book. Prior roles include SVP, Global Cyber Defense for United Health Group, a Fortune 4 company, and CSO for Mandiant, where he defended both Mandiant and Google Cloud against some of the world's most sophisticated adversaries. With over 40 years in the technology sector and a security focus since 1994, Tim has broad expertise with a particular passion for cyber threat intelligence, reverse engineering, incident response, and breach investigation. In addition to his leadership and technical accomplishments, Tim is a prolific author and dynamic speaker. Tim has authored 17 books and presents frequently at some of the world's largest cybersecurity conferences. Above all, Tim is dedicated to finding and developing talent, driven by his belief that each of us has a responsibility to leave the world a little better than we found it.