Aqua Security says that attackers focusing on the cloud are using more sophisticated tactics in order to target Kubernetes, the software supply chains, and other targets.
Cybercriminals have been shifting their focus to cloud environments as more companies move to the cloud for managing their assets and operations. Attackers are using more sophisticated and sophisticated methods to attack cloud native environments that are sensitive and vulnerable. Aqua Security released Wednesday a report that examined the attack vectors against Kubernetes, as well as the supply chains. It also provides advice on how to protect your cloud environments.
SEE: Eight enterprise password management tools and the companies that will love (TechRepublic).
Aquas Team Nautilus created honeypots to lure attackers and trick them into creating malicious code, cryptominer activity and other malicious content for its report Tracking Software Supply Chain. Security researchers set up honeypots to watch malicious behavior and gather information on adversaries.
Aqua found that cybercriminals are utilizing new tactics, techniques, and procedures in order to target cloud-based environments. Cryptominers are the most commonly found type of malware. However, attackers are increasingly turning towards backdoors, rootkits, and credential thieves.
Backdoors allow attackers to gain remote control of compromised systems. They were present in 54%, or 9%, of all the attacks in 2021. 51% of all attacks last year were carried out by worms which replicate and spread throughout a system. This is a 10% increase over 2020.
Criminals have also switched their focus from Docker and Kubernetes. Attacks on vulnerable Kubernetes infrastructures and applications rose to 19% by 2021, compared to 9% in 2020. Kubernetes environments offer a tempting target because once an attacker has gained access, they can move laterally to expand their reach.
Over the past few years, attacks that impact an entire supply chain have increased. This has also been evident in the software supply chain. In 2021, attackers aiming to target software suppliers as well their customers or partners used a variety tactics, including exploiting opensource vulnerabilities, infecting common open source packages, compromising CI/CD tool and code integrity, manipulating the build process, and infecting other open source packages. Last year, 14.3% of samples from public image collections were supply-chain attacks.
These findings highlight the fact that attackers can target cloud native environments. Threat actors find the large attack surface of Kubernetes clusters attractive, and once they have gained access, they look for low-hanging fruits.
Aqua has a few suggestions to help organizations protect their cloud-native environments more effectively
Runtime security. Cloud-based security strategies must include runtime protection. This is particularly important to protect against supply-chain attacks, which can introduce vulnerabilities that could only be exploited during runtime.
Layer your Kubernetes security. Kubernetes UI tools are being exploited by attackers who target Kubernetes elements like API servers and kubelets. You need to protect your Kubernetes environments at both the orchestrator and container levels. This strategy is essential to counter any attack against Kubernetes ecosystem.
Activate scanning during development. Log4j is a sign that security scanning should be done during the development phase. You need tools that provide visibility into your entire cloud native stack.
Morag said that attackers are more active now than ever before and are targeting vulnerabilities in applications, open-source and cloud technology more often. Devops, developers, and security professionals must search for cloud-native security solutions. Protecting environments with proactive and preventative security measures will ensure stronger security.
