Cyber Attack Workshop

Cloud Imposter: Using SSO to Stage a SaaS Invasion

On-Demand

Watch our attacker perform a sneaky spear-phishing attack to take over an admin’s account and impersonate high-profile users with a built-in SSO feature.

Our imposter will steal hundreds of sensitive HR docs from the company’s Google Workspace, create hidden backdoor links, and jump over to Box to exfiltrate customer contracts.

We’ll show you exactly how this attack is performed, then highlight how DatAdvantage Cloud makes it easier to see and prevent cross-cloud attacks.

Replay

Watch Now

How the attack works:

Pre-attack recon to figure out who will be an easy target
Bypass MFA using an advanced phishing technique
Export the org’s Google Workspace user list
Impersonate the VP of HR, access her Google Workspace, and steal employee data
Create hidden sharing links to external Gmail accounts as a backdoor
Take over a Box super admin account
Exfiltrate data using a custom public sharing URL

After the simulation, our Incident Response team will use DatAdvantage Cloud to show how our proactive policies and cross-cloud investigation features can detect and prevent this type of attack

Ryan O'Boyle Sr. Manager Cloud Architecture & Operations, Varonis

Ryan O’Boyle, GCIH is the Sr. Manager of Cloud Architecture & Operations at Varonis. Ryan has an engineering background with experience in IT infrastructure, Incident Response, and Data Protection. Varonis’ team of security professionals provide complementary Incident Response services to all existing customers. In addition, they work with customers to operationalize the Varonis Data Security Platform and integrate Varonis into the security ecosystem.

“The level of governance and insight provided by Varonis empowered our team to detect and respond to abnormalities as well as user activity and misconfigurations.”

Al Faella, CTO, Prospect Capital Management

Want to see Varonis in action?