Aqua Blog

Attack Vector

The Great Escape: A Blast Radius Analysis of Container Attacks

In 2021, container attacks have been on the rise. We observed numerous attacks that were designed to escape container environments to the underlying host, increasing the impact of the attack. But how much damage can be caused when an attacker manages to escape a container? To answer this question, we conducted an …

Threat Alert: Exploiting Open Docker Daemons for DDoS Attacks

Aqua’s research team continuously investigates and analyzes the anatomy of new attacks in the wild. Recently, we identified attacks that exploited misconfigured open Docker daemons, where attackers were actively using this attack vector to hijack environments in order to launch targeted DDoS attacks. Each of the …

DNS Spoofing on Kubernetes Clusters

In this post I’ll describe how an attacker who manages to run malicious code on a cluster can, with no special permissive permissions, successfully spoof DNS responses to all the applications running on the cluster, and from there execute a MITM (Man In The Middle) attack on all network traffic of pods.

Cryptocurrency Miners Abusing Containers: Anatomy of an (Attempted) Attack

This isn't a story about a Docker vulnerability; it's a story about how hackers are looking for unsecured Docker deployments where they can mine cryptocurrency. You shouldn't leave your Docker daemon unsecured any more than you would leave your mail server unsecured.

We’ve heard many accounts of attempted (sometimes …

BlackHat 2017: Multi-Stage Attack Targeting Container Developers

In just about a week we will be live on stage at BlackHat 2017 with this tersely titled talk: Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers, and we are very excited.
