Understanding a $10B Fraud Vector in Cloud-Native Workflows

Cloud Security Podcast

Cloud Security Podcast Team에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Cloud Security Podcast Team 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

3M ago 44:42

MP3•에피소드 홈

A $10 billion fraud vector is currently exploiting a common feature in many cloud-native applications: the SMS verification flow. This isn't a traditional breach. Instead of stealing data, adversaries use bots to trigger costs that are quietly absorbed into your company's operational budget, often showing up as an inflated cell phone or marketing bill.

We spoke to Frank Teruel, COO at Arkose Labs about how this fraud works at a technical level and why modern, automated cloud workflows can be a perfect hiding place for these costly attacks. He also shares a story of how a single cloud container was hijacked, costing a company half a million dollars in compute costs for crypto mining over one weekend.

This is a critical conversation for anyone working in cloud security, DevOps, and engineering who wants to understand the financial risks embedded in the very architecture of their applications.

Guest Socials -⁠⁠ ⁠⁠Frank's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity Podcast

Questions asked:

(00:00) The $10 Billion Invisible Threat(02:40) Frank Teruel’s Journey into Digital Identity(03:35) Why Identity Remains a Weak Spot for Cybersecurity(05:35) The Evolution of SMS Fraud(07:20) The "$5M Surprise Bill" Story(08:55) What is SMS Toll Fraud?(11:19) Does WAF Catch SMS Fraud?(12:49) Cloud vs. On-Prem: Is One Safer From SMS Fraud?(14:00) Does Single Sign-On Help With This?(15:55) How a Gaming Attack Becomes a Bank Heist(24:54) How AI is Weaponized for Cloud Attacks(25:35) The $500k Cloud Bill from a Hijacked Container(31:18) The Attack Vectors Cloud Teams Underestimate(35:30) What Are "Smart Bots"?(36:46) Where to Start Building a Program Around Fraud?(40:16) Fun Questions: Grandkids, Cooking & Music

326 에피소드

#Tech #Kaizenteq Team