Containers: The ultimate Trojan horse


Containers are meant to be immutable. Once the image is made, it is what it is, and all container instances spawned from it will be identical. The container is defined as code, so its contents, intents and dependencies are explicit. Because of this, if used carefully, containers can help reduce supply chain risks.
However, these benefits have not gone unnoticed by attackers. A number of threat actors have started to leverage containers to deploy malicious payloads and even scale up their own operations. For the Sysdig 2022 Cloud-Native Threat Report, the Sysdig Threat Research Team (Sysdig TRT) investigated what is really lurking in publicly available containers.
Cryptojacking costs victims over 50 times what the attacker makes


According to a new report from Sysdig, the unified container and cloud security company, it costs $430,000 in cloud bills for an attacker to generate $8,100 in cryptocurrency revenue. This works out at a $53 cost to the victim for every $1 the cryptojacker makes.
The report takes an extensive look at TeamTNT, a notorious cloud-targeting threat actor that generates the majority of its criminal profits through cryptojacking. TeamTNT is best known for its cryptojacking worm activity, which began in 2019, exploiting vulnerable instances of the popular key-value store Redis.
How to use SIGKILL to rapidly terminate containers in Kubernetes


Originating from Linux, which uses a Unix operating system, SIGKILL is a common command that developers use to terminate absolutely any process. Most commonly, if anything needs to be shut down immediately as it's causing damage to the system itself, then SIGKILL is the go-to signal to use.
Alongside Linux, SIGKILL has also found its way into any developer platform that manages container systems, with the most popular example of this being Kubernetes. As one of the most drastic signals that you can execute, SIGKILL will instantly terminate a process, without giving the system the opportunity to block or ignore the signal. With this, absolutely any processes that are connected to the process you’ve killed will also terminate.