DEF CON 33 - Preventing One of The Largest Supply Chain Attacks in History - Maksim Shudrak

Imagine one sunny morning you read the news: A crypto worm targets 100+ organizations around the world. The authorities estimate that during the first days of attack ~28,000 hosts in 158 countries were affected, including 24 nation state and European union assets, major banks and tech companies. Since then, the worm has spread and is now everywhere. The industry doesn't know the main source of attack. There are many backdoored artifacts reportedly used by the victims with no obvious connections. Eventually, a security researcher connects all dots and finds the source: compromised, abandoned AWS S3 buckets. The risk that researchers warned in the past materialized on a truly gigantic scale, 5155 buckets were affected. Luckily, this incident has never happened. The buckets used in that hypothetical scenario were claimed by a security researcher and taken down by the Cloud provider. In this talk, we will dissect the anatomy of such an attack. We will show that adversaries equipped with instruments of big data analysis and custom LLM-agents can take these scenarios to the next level by automating and scaling them. We will share statistical insights and 9 concrete stories illustrating potential victim profiles and attack vectors. Finally, we will discuss remediation actions that would eliminate the risk once and for all.