Over the past year, we’ve observed a coordinated, extensive effort by threat actors to exploit the free-tier offerings of cloud providers. This presentation provides an in-depth analysis of techniques observed in the wild, emphasizing how adversaries systematically exploit free-tier resources, especially those with GPU or ML capabilities, for profit.
We’ll walk through the end-to-end attack lifecycle, from automated cloud account generation and infrastructure deployment to resale on underground marketplaces. We’ll also discuss the broader monetization ecosystem, highlighting how these actors integrate with e-commerce platforms to scale their operations.
The session will include real-world indicators, case study elements, and tooling details to help defenders recognize and disrupt similar activities in their own environments. Attendees will leave with a clearer understanding of the underground economy built around cloud abuse.