Based on analysis of actual attacks, the Cloud Native Threat Report provides IT security professionals with insight into the changing tactics, techniques and procedures of cybercriminals - so they can better protect their cloud environments.
The "Cloud Native Threat Report" summarizes the investigations of Aqua's research team Nautilus from the past year. The report covers three key areas: the software supply chain, the current risk situation including vulnerabilities and misconfigurations, and runtime protection. One of the key takeaways: Criminals are investing large amounts of resources to avoid detection and gain a stronger foothold in compromised systems. Team Nautilus research has also revealed an increase in fileless or memory-based attacks that leverage existing software, applications, and protocols to execute compared to 2022.
In fact, threat actors use many techniques to obfuscate their campaigns. Aggregated honeypot data collected over a six-month period showed that more than half of the attacks were focused on evading defenses. These included masking techniques, such as executing files from /tmp, or obfuscated files or information, such as dynamic code loading. These results highlight the critical importance of run-time security.
software supply chain
In particular, the report illustrates various areas in the cloud software supply chain that can be compromised and pose a significant threat to organizations. In a specific use case, Nautilus demonstrates the effects of misconfigurations in the software supply chain. Misconfigurations pose a risk to organizations of all sizes because even minor misconfigurations can have serious repercussions.
"Threat actors are increasingly focusing on agentless solutions and are increasingly successful at evading them," said Assaf Morag, senior threat researcher at Aqua Nautilus. “The most compelling evidence of this was our discovery of HeadCrab, the extremely sophisticated Redis-based malware that compromised more than 1.200 servers. When it comes to runtime security, only agent-based scanning can detect such attacks. Because such attacks are designed to circumvent volume-based scanning technologies. This is all the more important given that evasion techniques are constantly evolving.”
More at AquaSecurity.com
About Aqua Security Aqua Security is the largest pure cloud native security provider. Aqua gives its customers the freedom to innovate and accelerate their digital transformation. The Aqua platform provides prevention, detection, and response automation across the application lifecycle to secure the supply chain, cloud infrastructure, and ongoing workloads—regardless of where they are deployed.