Preventing AWS Cryptomining Attacks at the Permission Layer

Register here

AWS recently disclosed an active cryptomining campaign exploiting compromised credentials to execute legitimate – but highly privileged – API calls. While most security tools detect these attacks after resources are deployed and costs are incurred, this webinar shows how they can be stopped before the first API call succeeds.

Join Sonrai Security for a live, technical walkthrough of the attack kill chain- and a real-time demonstration of how controlling privileged permissions prevents the attack entirely.

In this webinar, you’ll see:

• A live attack simulation, with step by step dissection of the attack and the exact AWS services and API call abused
• How unique privileged permissions are abused in an attack like this, and how despite being broadly granted, the permissions involvted are rarely used, high-impact, and disproportionately valuable to attackers
• Why existing PAM & detection tools failed with focus on known identities, nonspecific enforcement for each unique privilege, and post-hoc focus on ‘visibility’ handicaps the ability to stop any IAM attack
• How to prevent this by eliminating standing privileges (and ending myopia on CVEs as the only entry point) while not breaking existing workloads or frustrating devs looking for privileged access