Serverless Infections – Malware Just Found a New Home

Tech 3 (801A) October 2, 2018 1:25 pm - 2:25 pm

Shimi Eshkenazi

With Lambda by Amazon, Cloud Functions by Google, and Azure Functions by Microsoft, we will definitely be seeing more and more organizations leveraging the advantages introduced by serverless computing. But what does serverless computing entail when it comes to security? With no dedicated server, is the risk higher or lower? Maybe it’s just different. Can malware live inside the code?

Following serverless attack ideas discussed by Rich Jones, we challenged our research team to implement the first-ever Remote Code Execution (RCE) attack in serverless environments that is both stored and viral. Using Amazon’s Lambda as our first test subject, we were able to build a PoC where we showed how information extraction and exfiltration are done. We also demonstrated how the payload persists and can be injected into other non-vulnerable functions. We then went ahead and tested to see if the same would work on Azure and Google Cloud.

Join us to:

  • Learn how we built self-duplicating attacks that can survive persistently within the code
  • Watch a step-by-step demonstration of how we infiltrated, infected, and exfiltrated data from a platform running on a serverless environment