Cloud Native Threat Report

Attacks in the Wild on Container Infrastructure

Cloud Native Attacks: Growing and Evolving



The threat landscape for container-based environments has quickly become more dangerous and more varied as attackers use new methods and realize the potential gains from increased cloud native adoption. Over a six-month period, Aqua observed honeypots being attacked 17,358 times, representing a 26% increase from only six months previously.

The increasing volume of attacks illustrates the evolving nature of threats to container-based environments.  

This report from Aqua’s Team Nautilus analyzes attacks in the cloud native stack and classifies them into 3 main groups according to their level of sophistication, providing a guide to the analysis as it applies to the MITRE ATT&CK framework.

Key findings from this report include:

  1. Bad actors are getting better at hiding their attacks using advanced techniques, such as executing malware straight from memory, packing binaries, and using rootkits. 
  2. Attackers are leveraging privilege-escalation techniques and attempting to escape from within containers to the host machine.
  3. Adversaries keep searching for new ways to attack cloud native environments. We identified a massive campaign targeting supply chains, the auto-build process of code repositories, registries, and CI service providers. 