While I agree with the sentiment there, Lapsus didn't get initial access via social engineering.
They used social engineering to stay ahead of detection.
My point is that you have no way to isolate a cloud-based build bot. No way to detect a threat, because AWS doesn't offer any APIs or pcap streams or anything. It's literally a black box from the perspective of an SOC.
And that is the security responsibility nobody wants to be part of. Neither AWS nor the organization that rents the machine.
> My point is that you have no way to isolate a cloud-based build bot. No way to detect a threat, because AWS doesn't offer any APIs or pcap streams or anything. It's literally a black box from the perspective of an SOC.
It turns out there is a Gateway Load Balancer that "can be used for security inspection, compliance, policy controls, and other networking services."