Attacks Increasing on Cloud Native Infrastructure and Software Supply Chain
October 07, 2020

A new threat report by Team Nautilus, Aqua Security's cybersecurity research team, reveals a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure.

While most attacks were aimed at abusing public cloud compute resources for cryptocurrency mining, the methods used open the door for higher-value targets that leverage security gaps in container software supply chains and runtime environments.

Highlights of the observed attacks include:

■ 70.7% of the attacks were built to mislead and conceal their malicious nature.

■ Attacker IP addresses mainly originated from the US and China.

■ Container images in public registries are being poisoned with Potentially Unwanted Applications (PUAs) that cannot be detected using static scanning. They spring into action only when the container is running.

■ Sophisticated evasion techniques are being used to hide attacks and make them more persistent. This includes the use of "vanilla" images that seem innocuous, disabling other malware, delaying before downloading payloads into the running container, using 64-bit encoding to obfuscate malware, and more.

■ Since the beginning of 2020, the volume of attacks has dramatically increased, suggesting that there is organized infrastructure and systematic targeting behind these attacks. More than 16,000 individual attacks were tracked back to multiple locations across the globe.

■ The main motivation of the malicious actors has been to hijack cloud compute resources to mine for cryptocurrency, but Team Nautilus has seen evidence that other objectives, such as establishing DDoS infrastructure, were also attempted.

"The attacks we observed are a significant step up in attacks targeting cloud native infrastructure. We expect a further increase in sophistication, the use of evasion techniques and diversity of the attack vectors and objectives, since the widespread use of cloud native technologies makes them a more lucrative target for bad actors," notes Idan Revivo, Head of Team Nautilus at Aqua. "Security teams are advised to take the appropriate measures both in their pipelines as well as runtime environments, to detect and intercept such attempts."

The report recommends that security organizations address these three areas:

1. Protect the supply chain - shift-left security.

2. Control what you deploy.

3. Define a clear cloud native security strategy.
