Tuesday, 29 June 2021

Aqua Security: 50% of new Docker instances attacked within 56 minutes

<article id="post-2701140" class="border-top clearfix article-wrapper post-2701140 post type-post status-publish format-standard has-post-thumbnail category-cloud category-enterprise category-security category-business tag-aqua-security tag-category-computers-electronics-computer-security tag-cloud-native-attacks tag-cryptocurrency-mining tag-docker tag-docker-containers vb_post_designations-homepage has-thumbnail"> <div class="article-content"> <p>Fifty percent of new misconfigured <a href="https://venturebeat.com/2020/05/27/docker-hopes-to-resurrect-its-fortunes-with-new-developer-focus/">Docker</a> instances are attacked by botnets within 56 minutes of being set up, <a href="https://venturebeat.com/2021/03/10/aqua-security-protects-containerized-apps-and-infrastructure-raises-135m/">Aqua Security</a> said in its 2020 Cloud-Native Report. 
Five hours, on average, is all it takes for an attacker to scan a new <a href="https://venturebeat.com/2018/04/28/how-security-firms-lead-hackers-into-honey-pots/">honeypot</a>, the pure-play cloud native security company said.</p> <div> <div id="attachment_2701197" class="wp-caption aligncenter" style="max-width:700px;"> <p class="wp-caption-text">Above: Cryptocurrency mining remains the main objective of most attacks, with more than 90% of the images executing resource hijacking.</p> <div class="vb_image_source"><em>Image Credit: Aqua Security</em></div> </div> </div> <p>The majority of attacks were focused on <a href="https://venturebeat.com/2018/12/18/mcafee-cryptomining-and-iot-malware-both-rose-over-70-in-q3-2018/">crypto mining</a>, which may be perceived as “<a href="https://venturebeat.com/2018/01/31/cisco-talos-warns-about-malicious-cryptocurrency-mining-attacks/">more of a nuisance</a> than a severe threat,” Aqua Security noted. However, 40% of attacks also involved backdoors to gain access to the victim’s environment and networks. Backdoors were enabled by dropping dedicated malware or creating new users with root privileges and SSH keys for remote access. More than 36% of attacks involved worms to detect and infect new victims.</p> <p>Adversaries keep searching for new ways to attack cloud native environments. They are not just looking for port 2375 (unencrypted Docker connections) and other ports related to cloud native services, Aqua Security noted in the research. There were campaigns targeting supply chains, the auto-build process of code repositories, registries, and CI service providers. 
There are also attacks through Docker Hub and GitHub where adversaries relied on typo-squatting — or misspellings of popular, public projects — to trick developers into pulling and running malicious container images or code packages.</p> <p>Attackers are extending their arsenals with new and advanced techniques to avoid detection, such as leveraging privilege-escalation techniques to escape from within containers to the host machine.</p> <p>The report analysis was conducted using Aqua Security’s Dynamic Threat Analysis (DTA) tool, which is powered by the open source project Tracee. The software enables users to perform runtime security and forensics in a Linux environment using eBPF (a Linux firewall framework). The attackers’ techniques were classified according to the MITRE ATT&CK framework to map the full, improved attacker arsenal all the way from Initial Access to Data Exfiltration, and everything in between.</p> <p>Between June 2019 and December 2020, the team at Aqua observed that botnets are swiftly finding and infecting new hosts as they become vulnerable. The team observed 17,358 individual “honeypot” attacks with increased sophistication in terms of privilege escalation, hiding and persistence. The average number of attacks also rose, from 12.6 per day in the second half of 2019 to 77 per day in the first half of 2020. By the second half of 2020, the average number of attacks was 97.3 per day.</p> <p>Read Aqua Security’s full <a href="https://info.aquasec.com/cloud-native-threats-aqua">Cloud Native Threats report and detailed attack analysis</a>.</p> </div> <p><!-- .article-content --></p> </article>
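
Added example, not from the article or from Aqua Security: the article names port 2375 (unencrypted Docker connections) as something attackers look for, and this Python check flags a Docker daemon configured to serve its API over TCP without `tlsverify`. The sample configurations are constructed, and `audit_daemon` is a hypothetical helper that parses only the flag spellings shown in its code.

```python
import json
import shlex

# Constructed sample configurations (not taken from the report).
EXPOSED_JSON = """{"hosts": ["unix:///var/run/docker.sock",
                             "tcp://0.0.0.0:2375"]}"""
HARDENED_JSON = """{"hosts": ["unix:///var/run/docker.sock",
                              "tcp://0.0.0.0:2376"],
                    "tlsverify": true,
                    "tlscacert": "/etc/docker/ca.pem",
                    "tlscert": "/etc/docker/server-cert.pem",
                    "tlskey": "/etc/docker/server-key.pem"}"""


def audit_daemon(daemon_json_text="{}", dockerd_cmdline="dockerd"):
    """Return findings for TCP API listeners that lack client-cert checks.

    daemon_json_text: contents of /etc/docker/daemon.json
    dockerd_cmdline:  dockerd command line, e.g. from the systemd unit
    Only the -H/--host and --tlsverify flag spellings below are parsed.
    """
    cfg = json.loads(daemon_json_text or "{}")
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))

    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True

    findings = []
    for host in hosts:
        if not host.startswith("tcp://") or tlsverify:
            continue  # unix/fd sockets, or TCP with client certs required
        addr = host[len("tcp://"):]
        # Anything not recognised as loopback is treated as reachable.
        loopback = addr.startswith(("127.", "localhost", "[::1]"))
        scope = "loopback only" if loopback else "network reachable"
        findings.append(f"{host}: API without tlsverify ({scope})")
    return findings


if __name__ == "__main__":
    for name, text in (("exposed", EXPOSED_JSON), ("hardened", HARDENED_JSON)):
        print(name, audit_daemon(text) or "no findings")
```

A listener that sets only `tls` encrypts traffic but does not authenticate clients, so the check keys on `tlsverify` rather than on the port number.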

source https://patabook.com/blogs/100288/Aqua-Security-50-of-new-Docker-instances-attacked-within-56
