Search This Blog

50% of Misconfigured Containers Hit by Botnets in an Hour

The results of this report were contributed as input into the development of the MITRE ATT&CK Container Framework.

 

Aqua Security announced on Monday that information gathered from container honeypots over a six-month period indicated that 50% of misconfigured Docker APIs are attacked within 56 minutes of being set up. 

According to the study, it takes the opponents' bots an average of five hours to scan a new honeypot. The quickest scan took only a few minutes, while the longest scan took 24 hours. This revelation, according to Assaf Morag, a principal data analyst with Aqua's Team Nautilus, emphasizes the need of discovering and resolving cloud misconfigurations quickly or preventing them from occurring before app deployment. 

Security professionals, according to Morag, must be aware that even the smallest misconfiguration could expose their containers and Kubernetes clusters to a cyberattack. 

“The threat landscape has morphed as malicious adversaries extend their arsenals with new and advanced techniques to avoid detection,” stated Morag. 

“Although cryptocurrency mining is still the lowest hanging fruit and thus more targeted, we have seen more attacks that involve the delivery of malware, establishing of backdoors, and data and credentials theft. Focusing on misconfigurations is important, but companies also need a more holistic approach that includes a focus on supply chain attacks.” 

The findings of this paper were incorporated into the MITRE ATT&CK Container Framework's development. Container security has been on MITRE's radar for a while, but it wasn't until later that the business started noticing enough reported activity to start analyzing the area and add it to ATT&CK, according to Adam Pennington, MITRE ATT&CK director. 

“We’ve gone from occasional anecdotes about security incidents to a number of organizations regularly detecting and talking about intrusions,” Pennington said. 

Cloud misconfigurations have become a serious risk for container users, according to Michael Cade, senior global technologist for Kasten by Veeam. 

“Misconfigurations are one of the ways that containers are uniquely exposed, basically as a default to ease development burdens. They are a likely point of ingress for container attacks, so it’s extremely important to have an effective remediation plan in place,” Cade stated.
Share it:

Botnets

Cloud Misconfiguration

Cyber Security

Research