

Cloud-native security startup Aqua Security Software Ltd. today published new research revealing that it can now take less than an hour for vulnerable software container infrastructure to be exploited.
The report, coming amid a continued rise in cyberattacks targeting container infrastructure, details how bad actors are getting better at hiding their increasingly sophisticated attacks. These involve packing of payloads, running malware straight from memory and using rootkits.
The use of botnets continues to rise, and they were found to swiftly find and infect new hosts as they become vulnerable. Notably, 50% of new misconfigured Docker container application programming interfaces are attacked by botnets within 56 minutes of being set up. Containers are software packages that host the elements of modern applications so that they can be used across multiple kinds of computer systems.
Cryptocurrency mining was found to be the most common objective, with more than 90% of the malicious images executing resource-hijacking scripts, while 40% of attacks involved creating backdoors on the host. For the latter, adversaries were dropping dedicated malware, creating new users with root privileges and creating SSH keys for remote access.
Among the new attack techniques being used by adversaries, the report also uncovered a massive campaign targeting the auto-build of software-as-a-service development environments. “This has not been a common attack vector in the past, but that will likely change in 2021 because the deployment of detection, prevention and security tools designed to protect the build process during CI/CD flow is still limited within most organizations,” explained Assaf Morag, lead data analyst with Aqua’s Team Nautilus.
The results of this report were contributed as input into MITRE’s creation of its new MITRE ATT&CK Container Framework. MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
“The threat landscape has morphed as malicious adversaries extend their arsenals with new and advanced techniques to avoid detection,” Morag added. “At the same time, we’re also seeing that attacks are now demonstrating more sinister motives with greater potential impact.”
Aqua Security was last in the news in March when it raised $135 million in late-stage funding. The round gave the company unicorn status for the first time with a valuation north of $1 billion.