Aqua Blog

Attack Vector

Can You Trust Your VSCode Extensions?

Can You Trust Your VSCode Extensions?

Aqua Nautilus researchers have recently discovered that attackers can easily impersonate popular Visual Studio Code extensions and trick unknowing developers into downloading them. In original vulnerability research, we’ve uncovered a new attack method which could act as an entry point for an attack on many …

Continue reading ›
The Great Escape: A Blast Radius Analysis of Container Attacks

The Great Escape: A Blast Radius Analysis of Container Attacks

In 2021, container attacks have been on the rise. We observed numerous attacks that were designed to escape container environments to the underlying host, increasing the impact of the attack. But how much damage can be caused when an attacker manages to escape a container? To answer this question, we conducted an …

Continue reading ›
Threat Alert: Exploiting Open Docker Daemons for DDoS Attacks

Threat Alert: Exploiting Open Docker Daemons for DDoS Attacks

Aqua’s research team continuously investigates and analyzes the anatomy of new attacks in the wild. Recently, we identified attacks that exploited misconfigured open Docker daemons, where attackers were actively using this attack vector to hijack environments in order to launch targeted DDoS attacks. Each of the …

Continue reading ›
DNS Spoofing on Kubernetes Clusters

DNS Spoofing on Kubernetes Clusters

In this post I’ll describe how an attacker, who manages to run malicious code on a cluster can, with no special permissive permissions, successfully spoof DNS responses to all the applications running on the cluster, and from there execute a MITM (Man In The Middle) on all network traffic of pods.

Continue reading ›
Cryptocurrency Miners Abusing Containers: Anatomy of an (Attempted) Attack

Cryptocurrency Miners Abusing Containers: Anatomy of an (Attempted) Attack

This isn't a story about a Docker vulnerability; it's a story about how hackers are looking for unsecured Docker deployments where they can mine cryptocurrency. You shouldn't leave your Docker daemon unsecured  any more than you would leave your mail server unsecured.

We’ve heard many accounts of attempted (sometimes …

Continue reading ›