DataCenterNews Asia logo
Specialist data center news for Asia
Story image

New strategies for cloud-native attacks - Aqua Security

By Zach Thompson
Mon 2 May 2022

New research from Aqua Security reveals attackers are using more sophisticated techniques to target cloud-native environments.

Through its threat research team, Nautilus, Aqua Security has published research showing that adversaries are adopting new ways to carry out attacks, utilising multiple attack components and focusing their efforts on Kubernetes and the software supply chain.

Aqua Security says the ‘2022 Cloud Native Threat Report: Tracking Software Supply Chain and Kubernetes Attacks and Techniques' offers insights into trends and crucial information for practitioners about the cloud-native threat landscape.

The research showed that adversaries are using new tactics, techniques and procedures to intentionally target cloud-native environments and that cryptominers are increasingly the most common malware threat.

Team Nautilus also found that the use of backdoors, rootkits and credential stealers has increased, indicating the adversaries' interests are greater than just cryptomining.

Backdoors allow threat actors to access systems remotely and are used to establish persistence in the compromised environment. The research showed that 54% of attacks included this strategy, compared to 45% in 2020.

Furthermore, the researchers analysed malicious container images and found that 51% of these contained worms, up from 41% in 2020.

Worms provide attackers with the means to broaden the scope of their attack without much additional effort.

Moreover, the research found threat actors also included CI/CD and Kubernetes environments as targets, and in 2021, 19% of the malicious container images analysed targeted Kubernetes, such as kubelets and API servers, an increase of 9% from the previous year.

"These findings underscore the reality that cloud native environments now represent a target for attackers, and that the techniques are always evolving," Aqua's Team Nautilus threat intelligence and data analyst lead Assaf Morag says.

"The broad attack surface of a Kubernetes cluster is attractive for threat actors, and then once they are in, they are looking for low-hanging fruit."

The report also found that the proportion and variety of observed attacks targeting Kubernetes has increased, including wider adoption of the weaponisation of Kubernetes UI tools.

Further, supply chain attacks represent 14.3% of the particular sample of images from public image libraries, showing that these attacks continue to be an effective method of attacking cloud-native environment.

The Log4j zero-day vulnerability was also immediately exploited in the wild. Team Nautilus detected multiple malicious techniques, including known malware, fileless execution, reverse shell executions, and files downloaded and executed from memory, all emphasising the need for runtime protection.

Researchers observed honeypot attacks by TeamTNT after the group announced its retirement in December 2021. However, no new tactics have been in use, so it is unclear if the group is still in operation or if the ongoing attacks originated from automated attack infrastructure. Regardless, enterprise teams should continue preventative measures against these threats.

Aqua Security says Team Nautilus utilised honeypots to investigate attacks in the wild, with images and packages from public registries and repositories examined to study supply chain attacks against cloud-native applications. These included DockerHub, NPM and Python Package Index.

In addition, Team Nautilus used Aqua Security's Dynamic Threat Analysis (DTA) offering to analyse each attack.

Aqua Security says Aqua DTA is an industry-first offering, allowing users to dynamically assess container image behaviours through a container sandbox solution to ascertain whether they have hidden malware, giving organisations the ability to recognise and mitigate attacks that stat malware scanners are unable to detect.

"The key takeaway from this report is that attackers are highly active, more than ever before, and more frequently targeting vulnerabilities in applications, open source and cloud technology," Morag says.

"Security practitioners, developers and DevOps teams must seek out security solutions that are purpose-built for cloud-native. Implementing proactive and preventative security measures will allow for stronger security and ultimately protect environments."

To ensure the security of cloud environments, Aqua Security's Team Nautilus recommends implementing runtime security measures, a layered approach to Kubernetes security and scanning in development.

Related stories
Top stories
Story image
Sustainability
Empyrion DC announces 40MW green data center in South Korea
Empyrion DC has announced it is developing a 40MW green data center in Gangnam, Seoul, South Korea (GDC).
Story image
Google Cloud
Google Cloud to open first cloud region in NZ - among others
Google Cloud has announced plans to bring three new cloud regions, one each in New Zealand, Malaysia and Thailand.
Story image
Data
Talend announces support for Amazon Redshift Serverless
Talend has announced its support for Amazon Redshift Serverless, with the company saying the integration reinforces its commitment and leadership in supporting businesses.
Story image
Storage
DCI Data Centers breaks ground on AKL02 center
DCI Data Centers has commenced construction on Auckland's largest data center.
Story image
Data center
Macquarie Asset Management acquires stake in ST Telemedias VIRTUS Data Centres
"We will further strengthen VIRTUS' focus on sustainability by backing investment in its technology and enhancing the lifecycle management of its equipment."
Story image
Partnership
NCS, FPT Software launch Strategic Delivery Centre in Vietnam
The new partnership is designed to support increasing demand for high quality digital services across the region.
Story image
Data Centre Maintenance / Management
Vertiv releases update to Smart InfraSight platform
Vertiv has unveiled an update to its Smart InfraSight data centre management platform, featuring improved intelligence and the ability to manage multiple IT devices.
Story image
Hybrid Cloud
ERP implementations biggest concern for customers - report
"Companies are setting a higher bar for their ERP providers to deliver on more than just the technology itself."
Story image
Artificial Intelligence
Vectra AI named as AWS security competency partner
Threat detection and response company Vectra AI has announced that it has become an Amazon Web Services Security Competency Partner.
Story image
Microsoft
Cloudian’s HyperStore validated to work with Microsoft Azure
Cloudian’s HyperStore object storage is now validated to work with Microsoft Azure Stack HCI, a joint offering that will give customers public cloud benefits within their own data centres.
Story image
Sustainability
ST Engineering launches cooling system for greener data centers
ST Engineering says its Airbitat DC Cooling System cools down data centers and achieves annual net energy savings of more than 20% over conventional chiller systems alone. 
Story image
Schneider Electric
Schneider Electric University adds new courses to lineup
The new updates include fundamentals of power, cooling, racks and physical security, and guidance on how to optimise data centre designs.
Story image
Energy
Sustainability huge factor for APAC data centre managers
A new report reveals that 85% of data centre managers in APAC believe that sustainability will significantly impact operations and decision making.
Story image
Infrastructure
Global investment in data centers more than doubled in 2021
DLA Piper's latest global survey finds the total investment in data center infrastructure worldwide rose from USD $24.4 billion in 2020 to USD $53.8 billion in 2021.
Story image
SaaS
Iron Mountain InSight SaaS platform extends capabilities on AWS
Company deepens work with AWS, helps customers to accelerate their journey from physical to digital on a global scale.
Story image
Data center
Tokyo, Sydney and Seoul lead data center growth in APAC
Knight Frank’s latest report in partnership with DC Byte, which looks at centers in APAC, has found the region had an increase of 488 MW of new capacity in Q1, driven mainly by Tokyo, Sydney and Seoul.
Story image
Macquarie Data Centres
Macquarie deal to pioneer CO2-cutting data centre tech in Australia
Macquarie Data Centres has signed a multi-year deal with ResetData, an Australian first provider using Submer data centre technology. 
Story image
Development
Intel Labs unveils integrated photonics research advancement
"This new research demonstrates that its possible to achieve well-matched output power with uniform and densely spaced wavelengths."
Story image
Sustainability
Kohler Power Systems diesel generators now more sustainable
Kohler Power Systems has announced its diesel generators are compatible with Hydrotreated Vegetable Oil (HVO), a major breakthrough in the usage of alternative fuels in backup power.
Story image
Microsoft
Schneider Electric named Microsoft Energy & Sustainability Partner of the Year
"The award is a great recognition of the collaborative impact we are making together, to tackle climate change."
Story image
Data center
Schneider Electric launches education platform to address data center talent shortage
Schneider Electric has announced a series of updates to its vendor-agnostic and CPD-accredited digital education platform.
Story image
Public Cloud
Public cloud services revenues top $400 billion in 2021
"For the next several years, leading cloud providers will play a critical role in helping enterprises navigate the current storms of disruption."
Story image
Cybersecurity
Cloudflare expands A/NZ footprint with four new data centres
New data centres in Adelaide, Canberra, Hobart, and Christchurch will bring faster, more reliable, and more secure internet to A/NZ.
Story image
Migration
SNP unveils next generation of CrystalBridge software platform
Data is a key pillar of every customer-centric organisation, as it relies on agile decisions to become increasingly sustainable and intelligent.
Story image
Data center
Keppel deepens inroads into China’s data centre market
This latest development marks Keppel’s sixth project since entering mainland China’s data centre market in 2020. 
Story image
Big Data
DataStax, Nanyang Polytechnic partner to grow big data management talent in Singapore
The collaboration will deliver technology, curricula and certifications in big data management to accelerate innovation and sustainability.
Story image
Cybersecurity
Zscaler launches co-located data centres in Canberra and Auckland
The investment will offer public and private sector enterprises greater resilience in support of their zero trust cybersecurity posture.
Story image
Migration
New Relic launches Agentless Monitoring for SAP Solutions
The company says the solution empowers IT teams to better support business operations by harnessing existing SAP data sources to access all necessary telemetry data.
Story image
Amazon Web Services / AWS
Qualtrics goes live on AWS Cloud Infrastructure in Japan
Organisations across Japan will now be able to access the Qualtrics XM/OS platform locally via data centre in the AWS Asia Pacific (Tokyo) region.
AWS Marketplace
Learn how security orchestration, automation, and response (SOAR) enhances your security strategy.
Link image
Story image
Southern Cross Cable
Southern Cross Cable launches the SX NEXT cable to connect NZ to the world
The new Southern Cross NEXT fibre cable (SX NEXT) is set to connect Australasia to the US and further enhance connectivity between New Zealand, Australia, and the US.
Story image
Infrastructure
Oracle Cloud Infrastructure expands distributed cloud services
“Distributed cloud is the next evolution of cloud computing, and provides customers with more flexibility and control in how they deploy cloud resources."
AWS Marketplace
Watch this webinar to gain building blocks for data mesh, and how AWS customers today are successfully enabling domain driven data.
Link image
Story image
Sustainability
SoftIron joins Sustainable Digital Infrastructure Alliance
SoftIron has joined the Sustainable Digital Infrastructure Alliance (SDIA), a platform designed to help the digital sector reduce its environmental impact.
Story image
Digital Realty
Digital Realty joins forces with CypressTel to deliver enhanced interconnectivity
The collaboration expands access across the Greater China region with Digital Realty's PlatformDIGITAL and CypressTel's hybrid WAN capabilities.
Story image
Amazon Web Services / AWS
Sapporo City selects Nutanix Cloud Clusters on AWS
The city first used a hyper-converged infrastructure (HCI) solution from Nutanix to modernize and improve the efficiency of its on-premise datacenter.
Story image
Hybrid Cloud
HPE GreenLake advances hybrid cloud experience with new services
"The innovations unveiled today further build on our vision to provide the market with an unmatched platform to spur innovation and drive transformation.”
Story image
Quinbrook Infrastructure Partners
Quinbrook launches $2.5 billion ‘Supernode’ 800MW data storage project
Quinbrook says the new Supernode will be one of the largest permit-approved data storage campus projects in the Southern Hemisphere.
AWS Marketplace
Whitepaper: A practical guide for mitigating risk in today’s modern applications
Link image
Story image
Cloud
Cloudflare outage in 19 data centers worldwide due to own error
Cloudflare says its outage for 19 of its data centers yesterday was because of a change in a long-running project to increase resilience in its busiest locations.