Sophisticated new attacks target container supply chains and infrastructure
New research reveals a continued rise in cyberattacks targeting container infrastructure and supply chains, and shows that it can take less than an hour to exploit vulnerable container infrastructure.
The latest threat report from cloud-native security company Aqua Security offers a detailed analysis of how bad actors are getting better at hiding their increasingly sophisticated attacks.
"The threat landscape has morphed as malicious adversaries extend their arsenals with new and advanced techniques to avoid detection," says Assaf Morag, lead data analyst with Aqua's Team Nautilus. "At the same time, we're also seeing that attacks are now demonstrating more sinister motives with greater potential impact. Although cryptocurrency mining is still the lowest hanging fruit and thus is more targeted, we have seen more attacks that involve delivery of malware, establishing of backdoors, and data and credentials theft."
Among the main findings of the report are that attackers have amplified their use of evasion and obfuscation techniques in order to avoid detection. These include packing the payloads, running malware straight from memory, and using rootkits. Daily attacks have grown 26 percent on average between the first half and second half of 2020.
Botnets are finding and infecting new hosts as they become vulnerable, with 50 percent of new misconfigured Docker APIs being attacked by botnets within 56 minutes of being set up. More than 90 percent of the malicious images execute resources hijacking with the aim of mining cryptocurrency.
There's increased use of backdoors too. 40 percent of attacks involve creating backdoors on the host; adversaries are then dropping dedicated malware, creating new users with root privileges and creating SSH keys for remote access.
In addition there's been a campaign targeting the auto-build of SaaS dev environments. "This has not been a common attack vector in the past, but that will likely change in 2021 because the deployment of detection, prevention, and security tools designed to protect the build process during CI/CD flow is still limited within most organisations," adds Morag.
You can find out more in the full report, available from the Aqua site.