"Container Supply Chain Attacks Cash In on Cryptojacking"

Threats to cloud-native infrastructure are increasing, especially as attackers target cloud and container resources to fuel their illicit cryptomining operations. According to Sysdig's 2022 Cloud-Native Threat Report, cybercriminals are targeting cloud resources in order to both propagate and run cryptojacking enterprises in schemes that cost victims $50 in cloud resources for every $1 worth of cryptocurrency mined from these compute reserves. Although threat actors will attack any vulnerable cloud or container resources they can reach to carry out money-making cryptomining schemes, they are also strategic. Many software supply chain attacks are designed to spawn cryptominers through infected container images. Attackers use malicious container images as an effective attack vehicle in addition to the source code dependencies most commonly associated with offensive supply chain attacks. Cybercriminals are exploiting the development community's trend of sharing code and open source projects through premade container images on container registries such as Docker Hub. Container images have all the necessary software installed and configured in a simple-to-deploy workload. While this saves developers a lot of time, it also opens the door for attackers to create images with malicious payloads built in and then seed platforms like Docker Hub with their malicious wares. To get that malicious image running, a developer only needs to run a Docker pull request from the platform. Furthermore, the Docker Hub download and installation process is unclear, making it even more difficult to identify potential issues. This article continues to discuss key findings and points shared in Sysdig's 2022 Cloud-Native Threat Report.

Dark Reading reports "Container Supply Chain Attacks Cash In on Cryptojacking"