2025-10-25, Track 2 - Virtual World
Scattered Spider has escalated its exploits in 2025, expanding beyond telcos to target enterprises across industry verticals. After gaining initial access through social engineering, the threat group is increasingly targeting cloud workloads to elevate permissions for lateral movement. Attacks targeting the cloud control plane, focused on the IAM service, give the attacker access to high-value assets and sensitive data. These attacks, known as Living off the Cloud attacks, avoid malware and leverage built-in cloud primitives for offensive activity.
This session focuses on identity exploits as part of the overall attack lifecycle of Scattered Spider. Through real-world attack demonstrations and analysis, the session outlines the stealthy enumeration tactics used to identify privileged identities, IAM-specific exploits to elevate permissions, and lateral movement.
The session covers the defender’s perspective: what makes detection challenging as attackers pivot across control and data planes, and a practitioner’s learnings on countermeasures to defend against cloud identity exploits.
Suril is VP Engineering at Acalvio Technologies. Suril has domain expertise in cybersecurity and has built industry-leading security products. Suril holds several patents. Suril has spoken at numerous security conferences and believes in sharing his knowledge and learning from the interactions.