Dive Brief:
- Cyberattacks against container infrastructure and supply chains are growing in speed and sophistication, according to a report from Aqua Security released Monday. Attackers are exploiting half of new targets in less than one hour.
- Threat actors have found new ways to attack cloud-native environments, according to the report. Researchers discovered major campaigns against supply chains, going after the auto build process of code repositories, registries and continuous integration service providers.
- Cryptocurrency mining is the objective of many attacks; however, adversaries are also using these attacks to deploy malware, create backdoors and steal credentials, according to the report. The report analyzes attacks during a six-month period using Aqua's Dynamic Threat Analysis tool, which is backed by an open source project called Tracee.
Dive Insight:
Malicious actors are escalating their techniques to better conceal their attack methods from discovery, according to the report. These attacks have targeted both the software supply chain of cloud-native applications and the underlying infrastructure.
The research comes at a time when cloud security is more exposed, with about one-third of companies using cloud storage that can be accessed from the internet.
Attackers have become adept at hiding their tactics from those who protect these environments, the report showed. It is essentially a cat-and-mouse game as the adversary finds new ways to approach the victim, said Assaf Morag, lead data analyst with Aqua Security.
"Attackers launch campaigns," Morag said. "They find novel ways to attack. Security researchers detect these attacks. Then security tools are created to detect and protect against these attacks, so the attackers find new ways to attack."
Two to three years ago, researchers often saw attacks aimed at mining cryptocurrency or launching DDoS attacks, Morag said. Now the attacks have been upgraded to far more serious endeavors.
Attackers are leveraging privilege escalation techniques, according to the report. These techniques are sometimes part of the attack kill chain, he said. "In other words, the attackers gained initial access to the environment, and now they want to get full control over the environment and gain further access to the victim's network [or] environment," Morag said.
Morag cited a privilege escalation technique called "escape to host."
"Containers run as isolated processes on the host; if attackers are able to break that and affect other processes on the host, they may have gained further privileges and continue their attack," he said. "Attackers can hide malicious code in container images and share it through the Docker Hub public registry."