LaunchDarkly announced the private preview of Warehouse Native Experimentation, its Snowflake Native App, to offer Data Warehouse Native Experimentation.
Attacks Increasing on Cloud Native Infrastructure and Software Supply Chain
October 07, 2020
A new threat report by Team Nautilus, Aqua Security's cybersecurity research team, reveals a growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure.
While most attacks were aimed at abusing public cloud compute resources for cryptocurrency mining, the methods used open the door for higher-value targets that leverage security gaps in container software supply chains and runtime environments.
Highlights of the observed attacks include:
■ 70.7% of the attacks were built to mislead and conceal their malicious nature.
■ Attacker IP addresses mainly originated from the US and China.
■ Container images in public registries being poisoned with Potentially Unwanted Applications (PUAs) that cannot be detected using static scanning. They spring into action only when the container is running.
■ Sophisticated evasion techniques are being used to hide attacks and make them more persistent. This includes the use of "vanilla" images that seem innocuous, disabling other malware, delaying before downloading payloads into the running container, using 64-bit encoding to obfuscate malware, and more.
■ Since the beginning of 2020, the volume of attacks has dramatically increased, suggesting that there is organized infrastructure and systematic targeting behind these attacks. More than 16,000 individual attacks were tracked back to multiple locations across the globe.
■ The main motivation of the malicious actors has been to hijack cloud compute resources to mine for cryptocurrency, but Team Nautilus has seen evidence that other objectives, such as establishing DDoS infrastructure, were also attempted.
"The attacks we observed are a significant step up in attacks targeting cloud native infrastructure. We expect a further increase in sophistication, the use of evasion techniques and diversity of the attack vectors and objectives, since the widespread the use of cloud native technologies makes them a more lucrative target for bad actors," notes Idan Revivo, Head of Team Nautilus at Aqua. "Security teams are advised to take the appropriate measures both in their pipelines as well as runtime environments, to detect and intercept such attempts."
The report recommends that security organizations address these three areas:
1. Protect the supply chain - shift-left security.
2. Control what you deploy.
3. Define a clear cloud native security strategy.
Industry News
February 13, 2025
SingleStore announced the launch of SingleStore Flow, a no-code solution designed to greatly simplify data migration and Change Data Capture (CDC).
February 13, 2025
ActiveState launched its Vulnerability Management as a Service (VMaas) offering to help organizations manage open source and accelerate secure software delivery.
February 12, 2025
Genkit for Node.js is now at version 1.0 and ready for production use.
February 12, 2025
JFrog signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS).
February 12, 2025
mabl launched of two new innovations, mabl Tools for Playwright and mabl GenAI Test Creation, expanding testing capabilities beyond the bounds of traditional QA teams.
February 11, 2025
Check Point® Software Technologies Ltd. announced a strategic partnership with leading cloud security provider Wiz to address the growing challenges enterprises face securing hybrid cloud environments.
February 11, 2025
Jitterbit announced its latest AI-infused capabilities within the Harmony platform, advancing AI from low-code development to natural language processing (NLP).
February 11, 2025
Rancher Government Solutions (RGS) and Sequoia Holdings announced a strategic partnership to enhance software supply chain security, classified workload deployments, and Kubernetes management for the Department of Defense (DOD), Intelligence Community (IC), and federal civilian agencies.
February 10, 2025
Harness and Traceable have entered into a definitive merger agreement, creating an advanced AI-native DevSecOps platform.
February 10, 2025
Endor Labs announced a partnership with GitHub that makes it easier than ever for application security teams and developers to accurately identify and remediate the most serious security vulnerabilities—all without leaving GitHub.
February 07, 2025
Are you using OpenTelemetry? Are you planning to use it? Click here to take the OpenTelemetry survey.
February 06, 2025
GitHub announced a wave of new features and enhancements to GitHub Copilot to streamline coding tasks based on an organization’s specific ways of working.
February 06, 2025
Mirantis launched k0rdent, an open-source Distributed Container Management Environment (DCME) that provides a single control point for cloud native applications – on-premises, on public clouds, at the edge – on any infrastructure, anywhere.
February 06, 2025
Hitachi Vantara announced a new co-engineered solution with Cisco designed for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes.
