IT Brief Australia logo
Technology news for Australia's largest enterprises
Story image

New report reveals evolving techniques targeting cloud-native environments

By Contributor
Fri 6 May 2022

Article by AquaSecurity CISO, Paul Calatayud.

Companies are adopting cloud-native technologies faster than ever before. Unfortunately, with new technology comes new threats and challenges, so it’s no surprise that we’re seeing an increasing number of cyber threats targeting cloud-native environments.

A recent report from Team Nautilus focuses on uncovering the specific threats and attacks that target cloud-native. The report summarises observations and discoveries made throughout 2021 based on actual attacks in the wild and sheds light on the newest threats facing practitioners in the cloud-native threat landscape.

To investigate attacks in the wild, researchers utilised honeypots that lure attackers and trick them into conducting their activities in an environment that’s controlled and monitored by researchers. This approach allows them to collect indicators of compromise, including malicious files, malicious network communication, indications of container escape, malware, crypto-miner activity, code injection and backdoors.

To investigate supply-chain attacks against cloud-native applications, the team examined images from public registries and repositories, such as NPM and Python Package Index. Observations were augmented with data from Shodan, the search engine for internet-connected devices.

Key findings

  1. An increase in sophistication. Attacks are becoming even more sophisticated, with rapidly advancing threat actors’ tactics, techniques, and procedures. In 2021, backdoors were encountered in 54% of attacks, an increase of 9 percentage points compared to 2020. The usage of worms rose by 10 percentage points to 51% of attacks, compared with 41% the previous year. The team also observed more sophisticated activity involving rootkits, fileless execution, and loading kernel modules.
     
  2. A shift to Kubernetes. Adversaries shifted their attention from Docker to Kubernetes and the CI/CD pipeline. Threat actors broadened their targets to include CI/CD environments and vulnerable Kubernetes deployments and applications. The proportion and variety of observed attacks targeting Kubernetes increased. Based on the observed attacks, the number of malicious images with the potential to target Kubernetes environments increased by 10 percentage points, from 9% in 2020 to a full 19% in 2021.
     
  3. Supply-chain continues to be effective. Supply-chain attacks represent 14.3% of the sample of images from public image libraries*. An analysis of over 1,100 container images uploaded to one of the world’s largest image communities and libraries in the past year revealed that 13% were related to potentially unwanted applications, such as crypto-miners, and 1.3% were related to malware.  *This sample is not a statistically significant sample size of all public image libraries.
     
  4. Log4j zero-day vulnerability immediately exploited in the wild. The popular logging library is estimated to be present in over 100 million instances globally. Once the honeypot was set up, some of the largest botnets—including Muhstik and Mirai—began targeting it within minutes. Researchers detected multiple malicious techniques, including known malware, fileless execution, files that were downloaded and executed from memory, and reverse shell executions.
     
  5. TeamTNT doesn’t retire. The most prolific threat actor targeting cloud-native environments, TeamTNT, announced its retirement in December 2021 but was still actively attacking honeypots a month later. However, new tactics made it unclear if the ongoing attacks originated from automated attack infrastructure left operating or if TeamTNT faked its retirement. It appears that some of the command-and-control servers, a third-party registry, and a worm are still operational and infecting new targets.

 
Defending against evolving threats

Report data shows that although attackers are becoming more sophisticated, they’re equally on the search for easy, broad targets, such as Kubernetes.  

And while the following veteran cloud-native attackers (e.g., Team TNT) are slowing down their activity, new attackers from the traditional security space are entering the cloud-native space.

We recommend proactive measures for practitioners:

  1. Implement runtime security: The increased use of backdoors, worms, rootkits and other sophisticated tactics demonstrates that runtime security is a key component of any cloud-native security strategy. This is equally the case as we see increases in supply-chain attacks that don’t rely on vulnerabilities. However, they can introduce them—in which the actual attacker behaviour might manifest only in runtime. The timeline of Log4j, with attackers targeting honeypots within hours of a newly available exploit opportunity, also emphasises the need for runtime protection.
     
  2. Utilise layered Kubernetes security: Kubernetes security is a broad attack vector. The targeting of Kubernetes specific elements, such as kubelets and API servers, and the exploitation of Kubernetes UI tools reinforce the need to secure Kubernetes environments both at the container and orchestrator level. A layered approach is the only way to cover all your bases in the event that an attacker has found a way in.
     
  3. Implement scanning in development: Vulnerabilities like Log4j show us how critical scanning is in development and also how critical it is to invest in tooling that allows practitioners to gain visibility across the entire cloud-native stack.
Related stories
Top stories
Story image
Digital Transformation
Munro Footwear Group chooses Boomi to assist with digitisation strategy
Munro Footwear Group (MFG) has selected Boomi to assist with its eCommerce and digital transformation roadmap goals.
Story image
Telecommunications
WiFi as a Service market to reach $26 billion through 2032
As a result of the easy management of wireless infrastructure over cloud services, WaaS is experiencing rapid growth.
Story image
Southern Cross Cable
Southern Cross Cable launches the SX NEXT cable to connect NZ to the world
The new Southern Cross NEXT fibre cable (SX NEXT) is set to connect Australasia to the US and further enhance connectivity between New Zealand, Australia, and the US.
Story image
Microsoft
Elders signs five-year agreement with Microsoft to boost innovation
Australian agribusiness Elders has signed a five-year agreement with Microsoft that looks to transform its customer experience, efficiency and sustainability outcomes.
Story image
Apple
Jamf introduces new content filtering solution for education providers
Jamf has announced the launch of Jamf Safe Internet, a new offering that looks to deliver a safe online experience to students while offering better management options for admins.
Story image
IDTechEx
The next stage for 5G in thermal materials - IDTechEx
IDTechEx says higher frequency deployments, such as mmWave devices and very different station types such as small cells, present their own technological evolution and, with it, thermal challenges. 
Story image
Artificial Intelligence
Dynatrace extends automatic release validation capabilities
Dynatrace has extended its platform release validation capabilities to improve user experience at every stage of the software development lifecycle.
Story image
Cybersecurity
How organisations can mitigate IoT and IIoT security risks
IoT and IIoT come with inherent risks because they are often deployed faster than they can be secured, putting organisations in danger of cyber threats. Here are tips on how to mitigate those risks.
Story image
Wiise
Four things wholesale distributors need to consider for FY2023
In a post-pandemic world, there are many things for a distribution business to juggle. ERP solutions company Wiise narrows down what companies should focus on.
Story image
ASI Solutions
Western Australia CUA panel picks ASI as preferred supplier
Western Australia's Common User Arrangement (CUA) panel has chosen ASI Solutions as a preferred supplier for device hardware.
Story image
Media
Registrations for the W.Media Sydney Cloud and Datacenter Convention 2022 now open
Are you a C-Level executive looking to enhance your knowledge in the cloud and data center space in order to get the best results for your company?
Productivity
Discover the 5 ways your ERP may be letting you down. Is your current system outdated, difficult to manage, and costing you a fortune?
Link image
Story image
Artificial Intelligence
Eight top DevSecOps trends to support IT innovation in 2022
The use of DevSecOps practices is growing, as it is increasingly seen as the best way to produce high-quality and secure code. So what are the current trends?
Story image
Enterprise Resource Planning / ERP
Five ways your ERP is letting you down and why it's time for a change
Wiise explains while moving to a new system may seem daunting, the truth is that legacy systems could be holding your business back.
Story image
Data Protection
Five signs your business is ready to move to the cloud
Many organisations are thinking about moving to the cloud. But what are the signs you are ready, and what are the reasons to move?
PwC
WSLHD and PwC’s Consulting Business came together to solve through the challenges of COVID-19. A model of care was developed to the NSW Health Agency for Clinical Innovation guidelines with new technology platforms and an entirely new workforce.
Link image
Story image
Document Management
Regaining digital trust and enhancing digitisation in Australian Government agencies
Having a digitised ecosystem of documents, tools and data can help bolster security, improve workflow and ultimately create better services.
Story image
Remote Working
RDP attacks on the rise, Kaspersky experts offer advice
"Given that remote work is here to stay, we urge companies to seriously look into securing their remote and hybrid workforce to protect their data."
Story image
Accounting
Four factors to consider when choosing the right job accounting solution
Progressive job-based businesses can achieve success by strengthening their ability to quantify every cost attributable to the delivery of an outcome for a customer.
Story image
Artificial Intelligence
Salesforce announces new innovations for financial services
Salesforce has launched expanded financial services that offer more targeted and trusted automation to help teams unlock insights, deliver better customer service, and drive operational efficiencies.
Story image
Capital
Rubber Monkey gears up for Aussie market with latest capital raise
Rubber Monkey is seeking to raise up to NZ$2.5 million of new capital through online investment platform, Snowball Effect.
Story image
Airwallex
How Airwallex helps businesses achieve globalisation success
As markets continue to shift, businesses need to be able to provide the same quality of service for customers regardless of where they are located around the world.
Story image
Samsung
Monitors are an excellent incentive for getting employees back
The pandemic has taught us that hybrid working is a lot easier than we would’ve thought, so how can the office be made to feel as comfortable as home? The answer could be staring you in the face right now.
Story image
Infrastructure
Video: 10 Minute IT Jams - An update from Paessler
Sebastian Krüger joins us today to discuss how unified infrastructure monitoring enables MSPs to seamlessly deliver services to their clients.
Story image
Metaverse
How the metaverse will change the future of the supply chain
The metaverse is set to significantly change the way we live and work, so what problems can it solve in supply chain management?
Story image
Recruitment
Thales on recruitment hunt for next disruptive innovations
"Recruiting new talent is part of Thales's belief in the power of innovation and technological progress to build a safer, greener and more inclusive world."
Story image
Cybersecurity
Delinea’s Joseph Carson recognised with OnCon Icon Award
Delinea chief security scientist and advisory CISO Joseph Carson has been recognised as a Top 50 Information Security Professional in the 2022 OnCon Icon Awards.
Story image
Artificial Intelligence
Accenture shares the benefits of supply chain visibility
It's clear that gaining better visibility into the supply chain will help organisations avoid excess costs, inefficiencies, and complexity to ultimately improve their bottom line.
Story image
Artificial Intelligence
Decision Inc. partners with provenio.ai to expand offering
Decision Inc. Australia has partnered with provenio.ai to expand its offering to clients in the retail, FMCG, manufacturing, supply chain and logistics sectors.
Story image
Telstra
Ericsson and Ciena, Telstra enhance service capacity for Telstra's optical network
Ericsson, Telstra, and Ciena have announced new enhancements to Telstra's Next Generation Optical Network, which will increase the service capacity of Telstra's optical network to 400 GE (Gigabit per Second Ethernet).
Story image
Ransomware
Businesses unprepared to defend against ransomware attacks
Ransomware attacks continue to impact organisations worldwide with high costs, but businesses are still largely unprepared.
Supply chain
Discover the 4 critical priorities for wholesale distribution businesses in FY23. Are you worried about how supply chain issues may affect your business in 2023?
Link image
Story image
Artificial Intelligence
Siemens expands NVIDIA partnership for industrial metaverse
Siemens is expanding its partnership with NVIDIA to enable the industrial metaverse and increase the use of AI-driven digital twin technology.
Story image
Malware
Colt launches new SASE Gateway solution with Versa
Colt Technology Services’ customers now have access to an integrated full SASE solution that brings together SD WAN and SSE features.
Story image
Management
MYOB snaps up Sydney-based management software specialists
MYOB has announced the acquisition of Sydney-based business management software and support specialists, GT Business Solutions.
PwC
PwC's Consulting Business and PwC's Indigenous Consulting are proud to play an important role in helping Australian Indigenous Mentoring Experience build IMAGI-NATION, a free online university for marginalised communities around the world.
Link image
Story image
Cybersecurity
Palo Alto Networks' cloud security platform receives IRAP assessment
"We provide help protect all forms of compute, cloud native services and access to data within public and private sectors."
Digital Transformation
Discover the 5 signs your business is ready for a cloud-based ERP. Is your business being left behind as more of your competitors switch to the cloud?
Link image
Project management
Discover the 4 crucial factors for choosing the right job-costing solution. Is your team struggling to cost jobs and keep projects running on budget?
Link image
Story image
Cybersecurity
Tech and data’s role in the changing face of compliance
Accenture's study found that 93% of respondents agree or strongly agree new technologies such as AI and cloud make compliance easier.
Story image
CSG
To win at 5G, telcos must tame their quoting chaos
The catalogs of CSP (communication service providers) market offerings are set to explode as new digital services emerge, powered by B2B2X business models.
Story image
Multi Cloud
Cloud is a tool, not a destination
For many years, “cloud” has been thought of as a destination which has led to a misguided strategy that sees an enterprise trying to shift all its applications to a single cloud provider – regardless of the specific needs and nuances of each individual workload.
Story image
Cybersecurity
Without trust, your security team is dead in the water
The rise of cyberattacks has increased the need for sound security that works across any type of business, but with any change, buy-in is essential. Airwallex explains why.
Story image
Payroll
How New South Wales state departments achieved cloud migration success
State departments in New South Wales are heading to the cloud to achieve better workflow solutions, and one company is paving the way for their success.