A new threat report from Aqua Security reveals a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure.
While most attacks uncovered by Team Nautilus, Aqua’s cybersecurity research team, were aimed at abusing public cloud compute resources for cryptocurrency mining, the methods used also open the door to attacks on higher-value targets that exploit security gaps in container software supply chains and runtime environments.
The team observed 16,371 attacks since the beginning of 2020, which it traced back to multiple locations across the globe. 70.7 percent of the attacks were built to mislead and conceal their malicious nature. This included the use of malicious images designed to execute scripts aimed at downloading further components from an external remote source. 95 percent of the images were designed to hijack resources for the sole purpose of cryptocurrency mining, while five percent were set to launch a DDoS attack.
Between June 2019 and January 2020, the average number of attacks against Aqua’s honeypots each day increased 50 percent, but from January to the end of June 2020 the number of attacks per day exploded, increasing by more than 250 percent.
“The attacks we observed are a significant step up in attacks targeting cloud native infrastructure. We expect a further increase in sophistication, the use of evasion techniques and diversity of the attack vectors and objectives, since the widespread use of cloud native technologies makes them a more lucrative target for bad actors,” says Idan Revivo, head of Team Nautilus at Aqua. “Security teams are advised to take the appropriate measures both in their pipelines as well as runtime environments, to detect and intercept such attempts.”
You can find out more in the full report, available from the Aqua site.