In August, Adi Belnikov and I had the opportunity to present at BSidesLV on a topic that’s become increasingly critical: the evolving nature of cloud threats from the adversary’s perspective. Our talk, titled “Adversaries Also Lift & Shift: Cloud Threats Through the Eyes of an Adversary," focused on the new landscape of cloud security and the way attackers are adapting faster than many defenders.

Instead of “breaking in,” adversaries are now often “logging in.” They’re leveraging cloud-native features, misconfigurations, and legitimate services to execute sophisticated attacks that are much harder to detect. Our goal with this presentation was to shine a light on how attackers view cloud environments and the innovative methods they employ to exploit these spaces.

We broke down our talk into several key areas:

  1. Cloud Security Landscape
    We kicked things off by discussing the rapid adoption of cloud and the misconceptions surrounding its security. Many still believe that the cloud provider is responsible for all security—a dangerous myth that ignores the shared responsibility model.

  2. Adversaries' Perspective on Cloud Migration
    We explored how attackers have adapted their strategies as more organizations move to the cloud. Real-world case studies highlighted how these adversaries exploit cloud-specific weaknesses, from IAM misconfigurations to vulnerable APIs.

  3. Evolution of Attack Strategies
    Traditional attack vectors have transformed to fit the cloud context. We talked about how insecure cloud storage, API vulnerabilities, and cloud-native exploits are becoming the go-to methods for sophisticated adversaries.

  4. Limitations of Traditional Security Tools
    We emphasized the limitations defenders face when using traditional on-premise tools in cloud environments. Attackers are aware of these gaps and use them to their advantage, especially around visibility issues and the economics of log management.

  5. Protecting Cloud Infrastructures
    We delved into common pitfalls like misconfigurations and weak IAM policies that attackers love to exploit. The talk also covered how adversaries misuse legitimate cloud features for their gain—turning the cloud’s own capabilities against us.

  6. Building Resilient Cloud Defenses
    Finally, we talked about what defenders can do. Adopting an adversarial mindset is key to anticipating these moves. We also highlighted the importance of cloud-native security measures and proactive defense mechanisms that fit this evolving landscape.

Our message to attendees was clear: cloud security requires a mindset shift. Attackers are adapting, and so must we, by employing cloud-native strategies, continuous monitoring, and truly understanding the architectural complexities of cloud environments. The cloud isn’t just a different data center—it’s an entirely different playing field.

If you missed the talk or want to revisit our points, you can watch the full recording here: BSidesLV Talk: Adversaries Also Lift & Shift. WWe hope it sparks some new ideas on how to stay ahead of the adversaries adapting to the cloud.

A big thank you to the BSidesLV team for their incredible support and for having us. It was an honor to be part of such a fantastic event, and we truly appreciate all the hard work that went into making it happen.

“It is not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change.” — Charles Darwin