Memory-based attacks increase as attackers dodge cloud defenses

A new report shows a 1,400 percent increase in fileless or memory-based attacks, which exploit existing software, applications, and protocols to perform malicious activities against cloud-based systems.

The research from Aqua Security's Nautilus research team collected honeypot data over a six-month period and shows that more than 50 percent of the attacks focused on defense evasion.

"Threat actors are more heavily focused on and increasingly successful at evading agentless solutions," says Assaf Morag, lead threat intelligence researcher for Aqua Nautilus. "The most persuasive evidence of this was our discovery of HeadCrab, the extremely sophisticated, stealthy, Redis-based malware that compromised more than 1,200 servers. When it comes to runtime security, only agent-based scanning can detect attacks like these that are designed to evade volume-based scanning technologies, and they are critical as evasion techniques continue to evolve."

The report also highlights various parts of the cloud software supply chain that can be compromised and pose a significant threat to organizations. In one specific use case, Nautilus points out more than 25,000 distinct servers or smaller organizations were vulnerable because of misconfigured Docker Daemons, with each server exposed on average for almost two months. This shows the implications of misconfigurations in the software supply chain and how they can lead to critical threats. Organizations of all sizes are at risk from misconfigurations and even minor ones can have a serious impact.

The research underlines the need for tools that 'understand' how to interpret attacks on cloud runtime environments in order to identify threats and ensure the security and integrity of business data and applications.

You can get the full report from the Aqua site or read more on the company's blog.

Image credit: achirathep/depositphotos.com