- Cyberattacks against container infrastructure and supply chains are growing in speed and sophistication, according to a report from Aqua Security released Monday. Attackers are exploiting half of new targets in less than one hour.
- Threat actors have found new ways to attack cloud-native environments, according to the report. Researchers discovered major campaigns against supply chains, going after the auto build process of code repositories, registries and continuous integration service providers.
- Cryptocurrency mining is the objective of many attacks, however adversaries are also using these attacks to deploy malware, create backdoors and steal credentials, according to the report. The report analyzes attacks during a six-month period using Aqua's Dynamic Threat Analysis tool, which is backed by an open source project called Tracee.
Malicious actors are escalating techniques to better disguise their methods of attack from being discovered, according to the report. These attacks have gone after both the software supply chain of cloud-native applications as well as the infrastructure.
The research comes at a time when cloud security is more vulnerable, with about one-third of companies using cloud-storage that can be accessed from the internet.
Attackers have become adept at hiding their tactics from those who protect these environments, the report showed. It is essentially a cat-and-mouse game as the adversary finds new ways to approach the victim, said Assaf Morag, lead data analyst with Aqua Security.
"Attackers launch campaigns," Morag said. "They find novel ways to attack. Security researchers detect these attacks. Then security tools are created to detect and protect against these attacks, so the attackers find new ways to attack."
Two to three years ago, researches often saw attacks aimed to mine cryptocurrency or DDoS attacks, Morag said. Now the attacks have been upgraded to far more serious endeavors.
Attackers are leveraging privilege escalation techniques, according to the report. These techniques are sometimes part of the attack kill chain, he said."In other words, the attackers gained initial access to the environment, and now they want to get full control over the environment and gain further access to the victim's network [or] environment," Morag said.
Morag cited a privilege escalation technique called "escape to host."
"Containers run as isolated processes on the host, if attackers are able to break that and affect other processes on the host, they may have gained further privileges and continue their attack," he said. "Attackers can hide malicious code in container images and share it through the Docker Hub public registry."