Start / Cloud Security Podcast / Understanding a 10b fraud vector in cloud native workflows

Understanding a $10B Fraud Vector in Cloud-Native Workflows

45 min • 22 juli 2025

A $10 billion fraud vector is currently exploiting a common feature in many cloud-native applications: the SMS verification flow. This isn't a traditional breach. Instead of stealing data, adversaries use bots to trigger costs that are quietly absorbed into your company's operational budget, often showing up as an inflated cell phone or marketing bill.

We spoke to Frank Teruel, COO at Arkose Labs about how this fraud works at a technical level and why modern, automated cloud workflows can be a perfect hiding place for these costly attacks. He also shares a story of how a single cloud container was hijacked, costing a company half a million dollars in compute costs for crypto mining over one weekend.

This is a critical conversation for anyone working in cloud security, DevOps, and engineering who wants to understand the financial risks embedded in the very architecture of their applications.

Guest Socials -⁠⁠ ⁠⁠Frank's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity Podcast

Questions asked:

(00:00) The $10 Billion Invisible Threat(02:40) Frank Teruel’s Journey into Digital Identity(03:35) Why Identity Remains a Weak Spot for Cybersecurity(05:35) The Evolution of SMS Fraud(07:20) The "$5M Surprise Bill" Story(08:55) What is SMS Toll Fraud?(11:19) Does WAF Catch SMS Fraud?(12:49) Cloud vs. On-Prem: Is One Safer From SMS Fraud?(14:00) Does Single Sign-On Help With This?(15:55) How a Gaming Attack Becomes a Bank Heist(24:54) How AI is Weaponized for Cloud Attacks(25:35) The $500k Cloud Bill from a Hijacked Container(31:18) The Attack Vectors Cloud Teams Underestimate(35:30) What Are "Smart Bots"?(36:46) Where to Start Building a Program Around Fraud?(40:16) Fun Questions: Grandkids, Cooking & Music

Senaste avsnitt

Understanding a $10B Fraud Vector in Cloud-Native Workflows

Senaste avsnitt

Understanding a $10B Fraud Vector in Cloud-Native Workflows

How BT Tackled 180 Years of Legacy to Build a Passwordless Future

Why Security Can Be Stricter: A Zero Trust Approach to AppSec with AI

Guide to Hybrid Cloud & Bare Metal Secret Management

"Escape-Proof" Cloud: How Block built an Automated Approach to Egress Control

Prioritizing Cloud Security: How to Decide What to Protect First

Migrating from “Tick Box" Compliance to Automating GRC in a Multi-Cloud World

Using AI Agents to Solve Cloud Vulnerability Overload

Adapting to New Threats, Copilot Risks & The Future of Data (Feat. Matthew Radolec, Varonis)

Securing AI: Threat Modeling & Detection

CYBERSECURITY for AI: The New Threat Landscape & How Do We Secure It?

Cloud Security Evolved: From CNAPP to AI Threats

RSA Conference 2025 Recap: Top Themes, Actionable Insights & Future Trends

Mindset: Modern SOC Strategies for Cloud & Kubernetes (Ft Sergej Epp. Ex-Deutsche Bank)

Scaling Container Security Without Slowing Developers

How Attackers Stay Hidden Inside Your Azure Cloud

How Confluent Migrated Kubernetes Networking Across AWS, Azure & GCP

The New Future of Cloud Security: Vendor Lock-In, Runtime, and SOC Readiness

Detection Engineering with Google Cloud

CNAPPs & CSPMs don’t tell the full cloud security story

Securing AI Applications in the Cloud

Realities of Cloud Networking in AWS

Cloud Incident Response in Microsoft Azure

AWS Multi-Account Security: What Netflix Learned

Cloud Security Detection & Response Strategies That Actually Work

CISO Challenges Across Industries

Why Solving the Data Problem is Key to Cloud Security?

The economics of cybersecurity and trends

The Truth About CNAPP and Kubernetes Security

Cybersecurity Isn’t Crowded: Security Engineering and the 5,000 Vendor Problem

Centralized VPC Endpoints - Why It Works for AWS Networking

What is CADR?

Building Platforms in Regulated Industries

Dynamic Permission Boundaries: A New Approach to Cloud Security

Building a Resilient Cloud Security Program after Merger and Acquisition

Building Data Perimeter in Cloud in 2024

Navigating NIST CSF 2.0: Guide to Frameworks and Governance

Building a SOC Team in 2024 - Automation & AI

Cloud Identity Lifecycle Management Explained!

Traditional PAM vs Cloud CPAM for a cloud first world

The Role of Cloud Security Research in 2024

Edge Security is the Key to Cloud Protection

Is your CI/CD Pipeline your Biggest Security Risk?

State of Cloud Security - Practitioner Edition

BlackHat USA 2024 Highlights and Recap

Building an Incident Response Team for High-Growth Companies

State of Cloud Security 2024 - Leadership Edition

Cloud Native Strategies from a FinTech CISO

Fixing Cloud Security with AWS Lambda

What is confidential computing? Explained for 2024

The Evolution of Infrastructure as Code so far - 2024 Edition

What is AI-SPM?

Creating Effective Sigma Rules with AI

What is the future of security operations with AI in 2024?

Cloud Native Security Strategies for 2024

Real-World Cloud Security Challenges and Solutions Explained for 2024

Why Least Privilege Matters in Cloud Security?

How is Kubernetes Network Security Evolving?

The Future of Software Development with AI

The role of Real Time Defense in Cloud Security

CISO's guide to embracing risk in business

Why Email Breaches Still Happen?

Essential Strategies to master Incident Response in Cloud

From Code Suggestions to Security

Cloud Security Operations for Modern Threats

Understanding Threat Modeling in Cloud

Balancing Efficiency & Security: AI’s Transformation of Legal Data Analysis

Sidecar Container Vulnerability in Kubernetes explained

Role of application security posture management in cybersecurity

Cybersecurity Best Practices and Password Security in Cloud and AI

Multicloud strategy for AWS and GCP

AI's Role in Security Efficiency - Kubernetes Edition

Build an Effective AWS Cloud Security Program in 2024

Offensive Cloud Security Program for 2024

Understand Your Cloud Security Landscape to cut through the noise!

Kubernetes Security Trends 2024 | Software Supply Chain Security, Zero Trust and AI

Kubernetes Network Security for Multi Tenancy

AWS reInvent 2023 - Security highlights and announcements