Encryption to Extortion, the Evolution of Cloud Based Attacks

Update: 2025-09-08

Description

In this session we talk about Salesloft Drift and the implications of OAuth based attacks. Companies use Drift with Salesloft to automate lead capture + sales workflows into Salesforce.com. Enter Nation State threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens.

We then dive into the Evolution of Cloud Based Attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—where exfiltration, data destruction, and extortion can all happen without dropping a single payload. Add to that the rise of extortion-only campaigns, and we’re looking at an evolution that defenders need to understand right now.

Special guests:

MacKenzie Brown, VP of APG at Blackpoint

Charles Buck, Founder and CTO of SaaS Alerts

Chris Loehr, DFIR Exerpt

Phyllis Lee, VP of Content at CIS

Comments

In Channel

CIS Controls - Version 8.1 Update Overview

2024-08-0952:09

The Intersection of AI, RPA & Cyber - What Your MSP Needs to Know

2025-07-0359:50

CIS Control 12 - Network Infrastructure Management - sponsored by Domotz!

2022-07-0757:28

CIS Control 11 - Data Recovery - sponsored by Datto!

2022-05-2401:04:20

CIS Control 9 - Email & Web Browser Protections - sponsored by Cisco Secure MSP

2022-03-1756:13

CIS Control 5 - Account Management - sponsored by Keeper Security

2021-10-1901:04:31

Control 4: Secure Configuration of Enterprise Assets - sponsored by ThreatLocker

2021-08-2645:36

Control 3: Data Protection (part 1) - Sponsored by Netwrix

2021-07-0925:16

Multifactor Authentication (MFA) - sponsored by Cisco Duo

2021-05-1136:19

Microsegmentation Demystified: What Every MSP & Client Should Know

2025-09-2301:03:02

AI’s Evolving Role in Attacks & Incident Reponse

2025-09-1601:01:04

Encryption to Extortion, the Evolution of Cloud Based Attacks

2025-09-0801:02:02

When Cyber Hits the Fan: How Your Contracts Protect or Expose You

2025-08-2559:42

Akira Ransomware’s Relentless Attack on SonicWall SSLVPNs

2025-08-1801:02:45

Selling IT & Cybersecurity Services to the CFO (the one who writes the checks)

2025-08-1101:00:43

From Tokens to Trust: Microsoft’s Biggest Security Shift Yet

2025-08-0401:01:52

From Milestone to Mandate: What the Latest CMMC Update Means for Your MSP & Your Clients

2025-07-2801:00:28

What Makes a Good vCISO & Delivering at Scale

2025-07-2101:01:17

Risk, Revenue, and Responsibility: The vCISO’s Real Job

2025-07-1401:01:30

The Ingram Micro Cyber Incident & Building Security Maturity - F12’s ISO 27001Journey

2025-07-0801:03:30

00:00

1.0x

Encryption to Extortion, the Evolution of Cloud Based Attacks

#box-pro-ellipsis-175896840577777{-webkit-line-clamp:2;}Encryption to Extortion, the Evolution of Cloud Based Attacks

Encryption to Extortion, the Evolution of Cloud Based Attacks

Andrew Morgan

Encryption to Extortion, the Evolution of Cloud Based Attacks