Chandrapal Badshah

@bnchandrapal

With Infinite Scale Comes Infinite Bill (and Bankruptcy)

Submitted Oct 3, 2024

What can a bored hacker do with $5? They can do one of the following: buy a coffee, subscribe to a video streaming service, or make your company bleed 10s to 100s of dollars in cloud bills.

While the majority of companies are already on the cloud or have a hybrid cloud setup, one must understand that cloud environments are different organisms compared to data centers. They can massively scale your infrastructure. They can massively scale your cloud bills as well, pushing your company anywhere from huge expenses to the brink of bankruptcy.

This research-based talk shines a light on an underrated bug class specific to cloud environments, often referred to as “denial of wallet” (DoW) or “exhaustion of wallet”, across different cloud providers and cloud services.

The talk covers why this bug class exists, public examples of these attacks in the past, and the different cloud and VPS providers that are vulnerable to it. The talk will also highlight possible solutions that can be implemented on both sides of the shared responsibility model to detect and mitigate this bug class, showing ways to mitigate damage from an attacker willing to spend $500 against your infrastructure.

Key Takeaways: The root cause of DoW, different services from different cloud providers that are affected by this issue, possible solutions to detect and mitigate this bug class.

Audience Segment this talk is going to benefit: Cloud Architects, Cloud Engineers & Cloud Security Professionals.

