Bad Actors Getting Better at Hiding Attacks

Bad actors are using advanced techniques, such as executing malware straight from memory, packing binaries, and using rootkits.

Attackers Using New Techniques

Attackers are leveraging privilege-escalation techniques and attempting to escape from within containers to the host machine.

Adversaries Searching For New Ways To Attack Cloud Native Environments

We identified a massive campaign targeting supply chains, the auto-build process of code repositories, registries, and CI service providers. 

Cloud Native Attacks: Growing and Evolving

The threat landscape for container-based environments has quickly become more dangerous and more varied as attackers adopt new methods and recognize the potential gains from increased cloud native adoption. Over a six-month period, Aqua observed its honeypots being attacked 17,358 times, a 26% increase over the preceding six months.

The increasing volume of attacks illustrates the evolving nature of threats to container-based environments.  

This report from Aqua’s Team Nautilus analyzes attacks on the cloud native stack, classifies them into three main groups according to their level of sophistication, and maps the analysis to the MITRE ATT&CK framework.

Research by Team Nautilus
