According to reports, cyberattacks against container infrastructure and the supply chain have grown in sophistication and frequency. While the supply chain is the victim, the attacks have become more indirect, but they are still harmful. All it takes is a few online tools that can help detect a vulnerable container in a matter of hours.
Aqua Security's Team Nautilus discovered and investigated 17,358 attacks between June 2019 and December 2020. They found that attackers detected misconfigured containers in five hours. The longest detection time was 24 hours and the shortest was a few minutes.
Most of the time, they discover it within an hour. If a new container is set up today with a view to securing it tomorrow, chances are that it will be compromised the next day.
Over 90% of attacks are built to hijack and steal resources for crypto mining. Many of them are associated with the Kinsing malware campaign; Kinsing downloads crypto miners. Crypto mining is more of a concern than a threat, but Aqua has noted that over 40% of attacks included backdoors.
Aqua's Cloud Native Threat Report covers Masscan and zgrab, which are part of Dockergeddon. The system can detect Docker APIs, gather host information, and deploy malicious containers.
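Because the scanning described above looks for Docker APIs reachable over the network, a defender can check their own daemon configuration for that exposure. The following Python audit is an added example, not code from Aqua's report or the original article. It assumes the daemon is configured through `daemon.json` rather than command-line flags, and the sample configurations are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json contents; paths and ports are illustrative.
SAMPLE_EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
SAMPLE_TLS_ONLY = '{"hosts": ["tcp://127.0.0.1:2376"], "tls": true}'
SAMPLE_MTLS = json.dumps({
    "hosts": ["tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
})


def is_loopback(addr):
    """True only for loopback IP literals or the name 'localhost'."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr.lower() == "localhost"


def audit_daemon_config(text):
    """Return (host, severity) for each TCP listener lacking client-cert auth."""
    cfg = json.loads(text)
    # tlsverify makes the daemon require client certificates signed by its CA;
    # "tls" on its own encrypts the channel but does not authenticate clients.
    client_auth = cfg.get("tlsverify") is True
    findings = []
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are not network sockets
        if client_auth:
            continue
        # A missing address is treated as all interfaces (conservative assumption).
        addr = url.hostname or "0.0.0.0"
        findings.append((host, "medium" if is_loopback(addr) else "high"))
    return findings


if __name__ == "__main__":
    for name in ("SAMPLE_EXPOSED", "SAMPLE_TLS_ONLY", "SAMPLE_MTLS"):
        print(name, audit_daemon_config(globals()[name]))
```

A "high" finding means the API is bound to a non-loopback address without client authentication; "medium" means the same on loopback, where local processes can still reach it.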
Some researchers have dug deeper to understand the frequency of the issue and have concluded that attackers are seeking to maximize their gain from each attack. Crypto mining probably gives them a short-term advantage. The researchers also said that the attackers' long-term goal is to gain additional access to the environment and backdoors.