Most cyberattacks in the cloud just want to mine cryptocurrency

According to a new report from Aqua Security, the vast majority of cyberattacks on cloud servers are designed to mine cryptocurrency rather than steal sensitive corporate data. Team Nautilus, the company's cybersecurity research team, tracked and analyzed 16,371 attacks between June 2019 and July this year to compile its new Cloud Native Threat Report. Earlier this year, cyberattacks against cloud systems exploded and Aqua Security experienced a 250% increase in the number of attacks compared to the previous year. During these attacks, cybercriminals attempted to take control of the company's honeypot servers and deploy a malicious container image to them. According to Aqua, 95% of the malicious container images uploaded to its servers were intended for cryptocurrency mining, while the rest were used to establish a DDoS infrastructure to launch future attacks.

Cyberattacks in the cloud

Based on its analysis of cyberattacks on its honeypot servers over a one-year period, Aqua Security believes that the threat landscape has shifted towards organized cybercrime rather than isolated actors working independently. The involvement of organized cybercrime groups is a cause for concern, as it has not only led to an increase in attacks, but has also increased their complexity. According to Aqua, the intrusion methods have diversified, and the malware itself has grown more complex. The company has observed malware strains that use multi-stage payloads, 64-bit encryption to hide their presence, and techniques to disable competing malware from other cybercriminal groups on the same system.

In a press release, Nautilus team lead Idan Revivo provided additional insight into the company's report and offered guidance to security teams dealing with these increasingly complex threats: “The attacks we have seen are a significant breakthrough in attacks targeting cloud-native infrastructure. We expect a further increase in sophistication, the use of evasion techniques, and the diversity of attack vectors and targets, as the widespread use of cloud-native technologies makes them a more lucrative target for bad actors. Security teams are advised to take appropriate measures in both their pipelines and execution environments to detect and intercept such attempts.”

Via ZDNet