Between 2019 and 2020 the number of cyberattacks on cloud systems rose significantly, by 250% in fact.

Attacks against cloud systems mushroomed at the start of 2020, according to the 2020 Cloud Native Threat Report compiled by Aqua Security. The company tracked and analysed over 16,000 attacks, recording a 250% increase over the previous year.

After analysing 12 months of cyberattacks recorded on cloud honeypot servers, Aqua also found an important trend: attackers who target cloud infrastructure usually do so to deploy crypto-mining malware, rather than to extract sensitive corporate information, set up DDoS infrastructure, or commit any other form of cybercrime.

Once the attackers took control of a honeypot server, they downloaded and deployed a malicious container image. According to Aqua Security, 95% of these images were aimed at mining cryptocurrency; the other 5% were used to set up DDoS infrastructure, something rarely seen until recently.

Aqua said its “analysis suggests that the threat landscape shifted towards organized cybercrime, which is investing in infrastructure.”

The involvement of organised cybercrime has raised the complexity of the intrusions and led to a spike in attacks. It has meant, first, that intrusion methods diversified and, second, that the malware itself grew more sophisticated.

The organised cybercrime groups are:

  1. scanning the internet for cloud servers exposed online without a password
  2. exploiting vulnerabilities in unpatched systems
  3. carrying out brute-force attacks
  4. co-ordinating supply chain attacks

In a supply chain attack, hackers plant malware in regular-looking container or server images that they upload to public registries.

After the image is deployed, the malware stored inside it springs into action and carries out its malicious actions, says Aqua. Because the payload stays dormant until the container runs, this makes it impossible to detect using static analysis or signature-based security systems.

Organised cybercrime groups are increasingly using supply-chain attacks to target companies managing cloud infrastructure. Two recent examples are “Malicious Docker Hub Container Images Used for Cryptocurrency Mining” and “Attacker Building Malicious Images Directly on Your Host”.
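One defensive control against the supply-chain scenario above is to refuse images that are not pulled from a controlled registry and pinned by digest. The Python check below is an added example, not code from the article or from Aqua's report; the registry allowlist, the sample manifest and the image names in it are constructed assumptions.

```python
import re

# Constructed policy (not from the report): registries the organisation controls.
# Anything else, Docker Hub (docker.io) included, counts as an untrusted public source.
TRUSTED_REGISTRIES = {"registry.internal.example"}

# Reference grammar: [registry/]repo[:tag][@sha256:hex]. The first path component is
# a registry only when it contains '.' or ':' or is 'localhost' (Docker's rule).
IMAGE_RE = re.compile(
    r"^(?:(?P<registry>[^/:]+(?:\.[^/:]+)+(?::\d+)?|[^/:]+:\d+|localhost(?::\d+)?)/)?"
    r"(?P<repo>[a-z0-9._/-]+?)(?::(?P<tag>[\w.-]+))?(?:@(?P<digest>sha256:[a-f0-9]{64}))?$"
)

def parse_image(ref):
    m = IMAGE_RE.match(ref)
    if not m:
        raise ValueError(f"unparseable image reference: {ref}")
    parts = m.groupdict()
    parts["registry"] = parts["registry"] or "docker.io"  # implicit default registry
    return parts

def check_image(ref):
    """Return policy findings for one reference; an empty list means it passes."""
    img = parse_image(ref)
    findings = []
    if img["registry"] not in TRUSTED_REGISTRIES:
        findings.append(f"pulled from untrusted registry {img['registry']}")
    if not img["digest"]:
        # A tag is mutable: the content behind it can be swapped after review.
        findings.append("not pinned by digest")
        if img["tag"] in (None, "latest"):
            findings.append("floating tag (missing or 'latest')")
    return findings

def scan_manifest(text):
    """Map each `image:` value in a Kubernetes-style manifest to its findings."""
    refs = re.findall(r"^\s*-?\s*image:\s*[\"']?([^\s\"']+)", text, re.M)
    return {ref: check_image(ref) for ref in refs}

# Constructed sample manifest mixing one compliant pull with two risky ones.
SAMPLE_MANIFEST = """containers:
  - name: api
    image: registry.internal.example/api@sha256:{}
  - name: sidecar
    image: docker.io/someuser/helper:latest
  - name: job
    image: busybox
""".format("a" * 64)

if __name__ == "__main__":
    print(scan_manifest(SAMPLE_MANIFEST))
```

In a real pipeline the same check would run as an admission or CI gate so that a trojaned public image never reaches a cluster.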

The malware itself is also slowly growing in sophistication and will soon match the malware seen targeting desktops. Aqua said it saw malware strains using:

  1. multi-stage payloads
  2. Base64 encoding to hide their malicious code
  3. techniques to disable competing malware on the same system

In other words, these cybercrime trends are a huge concern for business: the attackers are focused on generating revenue in the easiest possible way, by mining cryptocurrency (Monero) on the hacked servers.

Cybercriminals will never stop trying to infiltrate and exploit in order to steal money.

Please view Aqua Security’s 71-page 2020 Cloud Native Threat Report for more details.