Fifty percent of vulnerable targets are attacked within one hour
Aqua Security, the pure-play cloud native security leader, published new research from Team Nautilus revealing a continued rise in cyberattacks targeting container infrastructure and supply chains, and showing that it can now take less than one hour to exploit vulnerable container infrastructure. The “Cloud Native Threat Report: Attacks in the Wild on Container Infrastructure” provides a detailed analysis of how bad actors are getting better at hiding their increasingly sophisticated attacks.
Recommended ITech News: New AMD Radeon PRO W6000 Series Workstation Graphics with AMD RDNA 2 Architecture and Massive 32GB
“The threat landscape has morphed as malicious adversaries extend their arsenals with new and advanced techniques to avoid detection,” said Assaf Morag, Lead Data Analyst with Aqua’s Team Nautilus. “At the same time, we’re also seeing that attacks are now demonstrating more sinister motives with greater potential impact. Although cryptocurrency mining is still the lowest hanging fruit and thus is more targeted, we have seen more attacks that involve delivery of malware, establishing of backdoors, and data and credentials theft.”
Among the new attack techniques, Team Nautilus uncovered a massive campaign targeting the auto-build of SaaS dev environments.
“This has not been a common attack vector in the past, but that will likely change in 2021 because the deployment of detection, prevention, and security tools designed to protect the build process during CI/CD flow is still limited within most organizations,” added Morag.
Recommended ITech News: STAR Announces New Member Tech Mahindra
The results of this report were contributed as input into MITRE’s creation of its new MITRE ATT&CK Container Framework. MITRE ATT&CK is used worldwide by cybersecurity practitioners to describe the taxonomy for both the offense and defense cyberattack kill chain.
The Aqua report presents detailed analysis of the high-profile attacks that Team Nautilus uncovered. Key findings include:
- Higher levels of sophistication in attacks: Attackers have amplified their use of evasion and obfuscation techniques in order to avoid detection. These include packing the payloads, running malware straight from memory, and using rootkits.
- Botnets are swiftly finding and infecting new hosts as they become vulnerable: 50% of new misconfigured Docker APIs are attacked by botnets within 56 minutes of being set up.
- Crypto-currency mining is still the most common objective: More than 90% of the malicious images execute resources hijacking.
- Increased use of backdoors: 40% of attacks involved creating backdoors on the host; adversaries are dropping dedicated malware, creating new users with root privileges and creating SSH keys for remote access.
- Volume of attacks continues to grow: Daily attacks grew 26% on average between the first half and second half of 2020.
Recommended ITech News: Teklink International Inc. Launches Cloud Nucleus an Innovative Cloud IaaS Support Service To Solve Companies
Team Nautilus utilized Aqua’s Dynamic Threat Analysis (DTA) product to analyze each attack. Aqua DTA is the industry’s only container sandbox solution that dynamically assesses container image behaviors to determine whether they harbor hidden malware. This enables organizations to identify and mitigate attacks that target cloud native environments well before deployment in production, which static malware scanners cannot detect.
Aqua Security’s 2021 “Cloud Native Threat Report: Attacks in the Wild on Container Infrastructure” is available now.
Recommended ITech News: ShiftLeft Announces Shifting Left 2.0, a Premier Virtual Event Bringing Together the Developer
