"Attacks Against Container Infrastructures Increasing, Including Supply Chain Attack"
The frequency and sophistication of attacks against the container infrastructure continues to grow. Using internet scanning tools such as Masscan, a new vulnerable container can be detected within a few hours. Aqua Security's Cloud Native Report shares findings from the analysis of more than 17,000 attacks that hit its honeypots between June 2019 and December 2020. According to the report, it takes an average of five hours for adversaries to detect a new misconfigured container, with the fastest detection time being within a few minutes and the longest being 24 hours. In half of the cases, a new container was detected in less than one hour. Public search engines like Shodan and Censys continue to be used by some adversaries to find misconfigurations. When a host is compromised, the adversary will likely use worms to detect and infect new hosts, thus increasing the frequency of scanning and the likelihood of detecting new misconfigurations. Over 90 percent of the attacks were found to be designed to hijack cryptocurrency mining resources. Most of the attacks are related to the Kinsing malware campaign that downloads a cryptominer. Aqua also warned that more than 40 percent of the attacks involve backdoors. The frequency of attacks has increased significantly from an average of 12.6 per day in H2 2019 to 77 per day in H1 2020 and 97.3 in H2 2020. Based on the honeypots, Russia launched the greatest number of attacks, followed by the U.S. This article continues to discuss key findings from Aqua Security's Cloud Native Report on attacks against the container supply chain and infrastructure.