Story image

Rise in cyberattacks targeting container infrastructure and supply chains, 50% attacks happen with one hour

By Ryan Morris-Reade, Tue 22 Jun 2021

Aqua Security has found a rise in cyberattacks targeting container infrastructure and supply chains, with 50% of vulnerable targets attacked within one hour. 

Cloud native security company, Aqua Security, has published new research by Team Nautilus, finding an ongoing rise in cyberattacks targeting container infrastructure and supply chains. With the research demonstrating that it can now take less than an hour to exploit vulnerable container infrastructure.

The report, Cloud Native Threat Report: Attacks in the Wild on Container Infrastructure, gives a detailed overview of how attackers are becoming better at hiding complex attacks.

“The threat landscape has morphed as malicious adversaries extend their arsenals with new and advanced techniques to avoid detection,” says Aqua’s Team Nautilus lead data analyst, Assaf Morag.

“At the same time, we’re also seeing attacks are demonstrating more sinister motives with greater potential impact. Although cryptocurrency mining is still the lowest hanging fruit and thus is more targeted, we have seen more attacks that involve delivery of malware, establishing of backdoors, and data and credentials theft.”  

While conducting the research, Team Nautilus found a massive campaign targeting the auto-build of SaaS dev environments.  

“This has not been a common attack vector in the past, but that will likely change in 2021 because the deployment of detection, prevention, and security tools designed to protect the build process during CI/CD flow is still limited within most organisations,” says Morag. 

The findings of the report contributed to MITRE’s new MITRE ATT&CK Container Framework. MITRE ATT&CK is used worldwide by cybersecurity practitioners to describe the taxonomy for both the offence and defence cyberattack kill chain. 

Key findings of the report include: 

  • Higher levels of sophistication in attacks: Attackers have amplified their use of evasion and obfuscation techniques in order to avoid detection. These include packing the payloads, running malware straight from memory, and using rootkits. 
  • Botnets are swiftly finding and infecting new hosts as they become vulnerable: 50% of new misconfigured Docker APIs are attacked by botnets within 56 minutes of being set up.   
  • Crypto-currency mining is still the most common objective: More than 90% of the malicious images execute resources hijacking.
  • Increased use of backdoors: 40% of attacks involved creating backdoors on the host, adversaries are dropping dedicated malware, creating new users with root privileges, and creating SSH keys for remote access.
  • The volume of attacks continues to grow: Daily attacks grew 26% on average between the first half and second half of 2020. 
Recent stories
More stories