Aqua Security: 50% of new Docker instances attacked within 56 minutes


Fifty percent of new misconfigured Docker instances are attacked by botnets within 56 minutes of being set up, Aqua Security said in its 2020 Cloud-Native Report. Five hours, on average, is all it takes for an attacker to scan a new honeypot, the pure-play cloud native security company said.

Above: Cryptocurrency mining remains the main objective of most attacks, with more than 90% of the images executing resource hijacking.

Image Credit: Aqua Security

The majority of attacks were focused on crypto mining, which may be perceived as “more of a nuisance than a severe threat,” Aqua Security noted. However, 40% of attacks also involved backdoors to gain access to the victim’s environment and networks. Backdoors were enabled by dropping dedicated malware or creating new users with root privileges and SSH keys for remote access. More than 36% of attacks involved worms to detect and infect new victims.

Adversaries keep searching for new ways to attack cloud native environments. They are not just looking for port 2375 (unencrypted Docker connections) and other ports related to cloud native services, Aqua Security noted in the research. There have been campaigns targeting supply chains, the auto-build process of code repositories, registries, and CI service providers. There are also attacks through Docker Hub and GitHub where adversaries relied on typo-squatting (misspellings of popular, public projects) to trick developers into pulling and running malicious container images or code packages.
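A defender-side check for the port 2375 exposure described above, as an added example that is not from the article or Aqua Security's report: it audits a Docker `daemon.json` for TCP listeners that serve the API without TLS or without client-certificate verification. The sample configurations and file paths are constructed, and listeners set with `-H` on the `dockerd` command line are outside what it inspects.

```python
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json documents (not taken from the report).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
LOCAL_TCP = '{"hosts": ["tcp://127.0.0.1:2375"]}'
TLS_NO_CLIENT_AUTH = json.dumps({
    "hosts": ["tcp://0.0.0.0:2376"],
    "tls": True,
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def audit_daemon_config(text):
    """Return (severity, message) findings for TCP listeners in daemon.json."""
    cfg = json.loads(text)
    mutual_tls = bool(cfg.get("tlsverify"))        # clients must present a cert
    server_tls = mutual_tls or bool(cfg.get("tls"))
    findings = []
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not network listeners
        # An empty address (tcp://:2375) binds every interface.
        remote = (url.hostname or "0.0.0.0") not in LOOPBACK
        if not server_tls:
            severity = "CRITICAL" if remote else "WARN"
            findings.append((severity, f"{host} serves the API without TLS"))
        elif not mutual_tls:
            findings.append(
                ("HIGH", f"{host} uses TLS but does not verify client certificates"))
    return findings


if __name__ == "__main__":
    for name in ("EXPOSED", "LOCAL_TCP", "TLS_NO_CLIENT_AUTH", "HARDENED"):
        print(name, audit_daemon_config(globals()[name]) or "no findings")
```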

Attackers are extending their arsenals with new and advanced techniques to avoid detection, such as leveraging privilege-escalation techniques to escape from within containers to the host machine.

The report analysis was conducted using Aqua Security’s Dynamic Threat Analysis (DTA) tool, which is powered by the open source project Tracee. The software enables users to perform runtime security and forensics in a Linux environment using eBPF (a Linux firewall framework). The attackers’ techniques were classified according to the MITRE ATT&CK framework to map the full, improved attacker arsenal all the way from Initial Access to Data Exfiltration, and everything in between.

Between June 2019 and December 2020, the team at Aqua observed that botnets are swiftly finding and infecting new hosts as they become vulnerable. The team observed 17,358 individual “honeypot” attacks with increased sophistication in terms of privilege escalation, hiding and persistence. The average number of attacks also rose, from 12.6 per day in the second half of 2019 to 77 per day in the first half of 2020. By the second half of 2020, the average number of attacks was 97.3 per day.

Read Aqua Security’s full Cloud Native Threats report and detailed attack analysis.

About the Author: Daniel