by neochris 818 days ago
I am curious though. Have you ever seen an attack path from a personal device compromise to full Cloud account takeover (or something along those lines like an exfil job or cryptojacking).

I haven't?

Usually, compromised personal devices at the startup level come from a spray-and-pray watering hole campaign. Likely to be used as part of a botnet, where your device is 1 in a million. Nothing really targeted where the end goal is to compromise a seed / Series A's crown jewels.

Once again, please share stories if I should be more worried.


This was how LastPass was exploited (+/- details); there are lots of write-ups on this.

A DevOps engineer ran a personal, unpatched Plex server; the threat actor came in via the home network/Plex, pivoted to the personal device, and the DevOps engineer accessed production via that personal device.

To your point, this is fairly targeted.

But to your other point, you miss what I'm hammering on above: a Series A's crown jewels, if it is selling SOAR (or any other security tool in this direction), are its clients and their security infra. 90% of the time, a Series A can get hacked and who cares, really. If you're selling SOAR, you're hacked to hack clients. JumpCloud, selling identity, was hacked this way last year.

Threat actors know about the angle I am describing in this thread with regard to this. Security and identity infra has been targeted heavily for the last 24 months, especially to pivot into client companies. If you're selling SOAR, this is what to plan for.

This is also pretty common across crypto.

All in all, it depends on your threat model, and if you're selling security tools, your clients' threat model becomes your own, because threat actors know this and exploit it now.