Yotam Meitar
Yotam has spent the last ten years managing and responding to some of the most sophisticated global cyber operations. He’s worked with technical teams and executives to defeat attacks and leverage cyber as a competitive advantage across incident response, purple teaming, posture enhancements, and executive wargames. In his current role, Yotam focuses on developing cloud-specific incident response methodology and collaborating with practitioners on developing robust cloud security frameworks. Yotam’s previous positions include Director of Incident Response at Sygnia and command positions in the IDF.
Session
Ransom attacks in the cloud are on the rise. Unlike traditional ransomware operations in which attackers fully compromise an on-prem environment before encrypting critical systems, most cloud ransom attacks follow a more straightforward playbook: compromising a credential, exfiltrating data, and demanding ransom payments to avoid publication of sensitive data. The speed and sophistication of these attacks are creating new challenges defenders must adapt to in order to survive.
In this session we’ll share the details of a real-world incident response to a sophisticated cloud ransom attack, in which paying the ransom only started the clock on the real battle. Validating the scope of stolen information under looming legal deadlines through unique data forensics, uncovering expert impersonation of a unique identity provider, and revealing clever privilege escalation from a Kubernetes vulnerability to full administrative access were all instrumental to the success of this incident response.
In addition to the thrilling minute-by-minute technical story, we’ll share key takeaways and intelligence for performing cloud incident response against these rising attacks in a rapidly evolving threat landscape.