It has certainly been a rough year, and just as life constantly evolves, so do cyber threats. Here are the blogs from our cyber security research group, Team Nautilus, that got the most attention from cloud native security professionals this year. They show how attackers keep getting more creative, covering container image exploitation, fileless malware, the Kinsing malware, sophisticated evasion techniques, and more.
The trend is clear: we are seeing more attacks on the cloud native supply chain and infrastructure, and they are becoming increasingly sophisticated and organized. That highlights the importance of adding Dynamic Threat Analysis (running an image and observing what it actually does) and Cloud Security Posture Management (CSPM) to your security arsenal. We expect this to intensify in 2021, so watch this space and subscribe to our blog.
Without further ado, here are Aqua’s top five threat alerts:
We discovered a new type of attack against container infrastructure. It abuses a Docker daemon API port exposed over TCP without authentication to build a malicious container image directly on the host and then run it there. This was the first time we observed this attack in the wild.
TeamTNT used a crypto-mining worm, distributed as images on Docker Hub, to steal AWS credentials from the hosts it compromised. Our investigation determined that dynamic analysis of those images would have detected the threat and saved security teams a lot of time and aggravation, because the images could have been removed from Docker Hub before being deployed.
We have seen a rise in the number of attacks that target container environments. One such campaign targets misconfigured Docker daemon API ports left open to the internet. It persisted for months and was run by actors with more than enough resources and infrastructure to carry out and sustain it.
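Both of the Docker API attacks above start from the same misconfiguration: dockerd listening on a plain TCP socket with no authentication, so anyone who can reach the port can pull, build and run images as root on the host. The check a practitioner wants is a quick probe for that condition. The script below is an added example, not code from the original post or from Aqua; it assumes the daemon answers the Engine API's GET /version with JSON containing "ApiVersion" (which real dockerd does) and uses the 2375 port convention. The mock server is constructed so the example runs offline.

```python
"""
Added example: probe a host for an unauthenticated Docker Engine API.

Assumptions (not from the original post): the daemon listens on plain TCP
(2375 by convention) and answers GET /version with JSON that carries
"Version" and "ApiVersion", as the Docker Engine API does. The fake daemon
below is constructed for offline testing only.
"""
import json
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import URLError
from urllib.request import Request, urlopen


def check_docker_api(host: str, port: int = 2375, timeout: float = 3.0) -> dict:
    """Return {"exposed": bool, ...}: True when host:port serves Docker's
    /version endpoint to an unauthenticated client."""
    result = {"host": host, "port": port, "exposed": False}
    try:
        req = Request(f"http://{host}:{port}/version",
                      headers={"Accept": "application/json"})
        with urlopen(req, timeout=timeout) as resp:
            body = json.loads(resp.read().decode())
    except (URLError, socket.timeout, ValueError, OSError):
        # closed port, TLS-only socket, non-JSON answer: not an open daemon
        return result
    if isinstance(body, dict) and "ApiVersion" in body:
        result.update(exposed=True,
                      engine_version=body.get("Version"),
                      api_version=body.get("ApiVersion"),
                      os=body.get("Os"))
    return result


class _FakeDockerAPI(BaseHTTPRequestHandler):
    """Minimal stand-in for dockerd's /version (constructed, offline only)."""

    def do_GET(self):
        if self.path != "/version":
            self.send_error(404)
            return
        payload = json.dumps({"Version": "19.03.12", "ApiVersion": "1.40",
                              "Os": "linux"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # keep the demo quiet
        pass


def run_demo() -> dict:
    """Start the fake daemon on a free loopback port, probe it, shut it
    down, and probe the now-closed port so both outcomes are visible."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeDockerAPI)
    port = srv.server_address[1]
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        open_result = check_docker_api("127.0.0.1", port, timeout=2.0)
    finally:
        srv.shutdown()
        srv.server_close()
    closed_result = check_docker_api("127.0.0.1", port, timeout=2.0)
    return {"open": open_result, "closed": closed_result}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Run it against your own hosts' 2375 and 2376 ports; anything that comes back with exposed=True is a root-equivalent foothold for whoever can reach it. The fix is not to listen on TCP at all where the Unix socket suffices, or to start dockerd with --tlsverify plus --tlscacert/--tlscert/--tlskey so the socket demands a client certificate, in which case the probe above is refused and reports exposed=False.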
We uncovered a container image that, for the first time, lets attackers find and exploit vulnerabilities in Kubernetes clusters. The malware is propagated through a Docker Hub lookalike account intended to dupe developers into pulling the malicious images.
Our research team detected a new type of attack that executes malware straight from memory inside containers, evading common defenses and static image scanning, which only sees what is on disk. The malware uses a rootkit to hide its running processes, then hijacks resources by running a crypto miner from memory, and leaves a backdoor for attackers to do more damage.
You can find these, and all our other threat analyses, on the Team Nautilus research page.
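A miner that runs from memory leaves nothing for an image scanner to find, but it still shows up in procfs, where the kernel reports an executable that no longer exists on disk. The script below is an added example, not code from the original post or from Aqua. It assumes the loader used the memfd_create(2) plus execve-via-/proc/self/fd pattern common in Linux fileless malware, so /proc/<pid>/exe resolves to "/memfd:<name> (deleted)"; a binary dropped to disk, executed and then unlinked resolves to "<path> (deleted)" instead. The fake /proc tree and the process names are constructed for the demo; the live demo launches an ordinary sleep the same way a loader would and then classifies it.

```python
"""
Added example (not from the original post): find processes whose executable
does not exist on disk, the trace a from-memory miner leaves in /proc.

Assumption: the loader used memfd_create(2) + exec via /proc/self/fd/<n>,
so /proc/<pid>/exe reads "/memfd:<name> (deleted)". A binary unlinked after
launch reads "<path> (deleted)". Both are flagged; the memfd form is the
fileless signature. The fake procfs tree below is constructed for the demo.
"""
import os
import shutil
import subprocess
import tempfile
from typing import Dict, List, Optional


def classify_exe_target(target: str) -> Optional[str]:
    """'memfd' for an anonymous in-memory executable, 'deleted' for an
    on-disk binary removed after exec, None when nothing looks odd."""
    if target.startswith("/memfd:"):
        return "memfd"
    if target.endswith(" (deleted)"):
        return "deleted"
    return None


def scan_proc(proc_root: str = "/proc") -> List[Dict]:
    """Walk numeric entries of a procfs tree and report suspicious exe links.
    Unreadable entries (kernel threads, exited PIDs, no ptrace access) are
    skipped rather than treated as findings."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue
        kind = classify_exe_target(target)
        if kind is not None:
            findings.append({"pid": int(entry), "kind": kind, "exe": target})
    return sorted(findings, key=lambda f: f["pid"])


def demo_fake_tree() -> List[Dict]:
    """Scan a constructed procfs look-alike: one memfd payload, one binary
    deleted after launch, one ordinary process and one entry with no exe."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    links = {
        "1234": "/memfd:kinsing (deleted)",     # in-memory payload, constructed
        "4321": "/usr/bin/sleep",               # ordinary process
        "777": "/tmp/.x/payload (deleted)",     # dropped, run, then unlinked
    }
    try:
        for pid, target in links.items():
            os.makedirs(os.path.join(root, pid))
            os.symlink(target, os.path.join(root, pid, "exe"))
        os.makedirs(os.path.join(root, "999"))  # no exe link: must be skipped
        return scan_proc(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


def live_memfd_demo() -> Optional[str]:
    """On Linux, launch a harmless 'sleep' from an anonymous memfd the way a
    fileless loader would, classify its /proc/<pid>/exe, and clean up.
    Returns None where memfd_create, sleep or procfs is unavailable."""
    sleep_bin = shutil.which("sleep")
    if not hasattr(os, "memfd_create") or sleep_bin is None:
        return None
    try:
        fd = os.memfd_create("demo-miner", 0)  # flags=0: no MFD_CLOEXEC, child needs the fd
        with open(sleep_bin, "rb") as f:
            view = memoryview(f.read())
        while view:                              # os.write may be partial
            view = view[os.write(fd, view):]
        proc = subprocess.Popen(["sleep", "30"], executable=f"/proc/self/fd/{fd}",
                                pass_fds=[fd])
        try:
            return classify_exe_target(os.readlink(f"/proc/{proc.pid}/exe"))
        finally:
            proc.kill()
            proc.wait()
            os.close(fd)
    except OSError:
        return None


if __name__ == "__main__":
    for f in demo_fake_tree():
        print(f"pid {f['pid']:>6}  {f['kind']:<8} {f['exe']}")
    print("live memfd launch classified as:", live_memfd_demo())
```

scan_proc() on a real host needs to run as root (or with CAP_SYS_PTRACE) to read every process's exe link, and it must run from a vantage point the rootkit does not control: a process-hiding rootkit that filters /proc listings hides its miner from this scan too, so compare the result with what the container runtime and the host kernel (for example a ps taken from the host PID namespace) report.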
As we head into the new year, you can expect to see more helpful information coming from us. We’ll be covering not only threat alerts, but all things related to cloud native security.
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads, wherever they are deployed.
Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.