The vast majority of cyberattacks on cloud servers are designed to mine cryptocurrency rather than steal sensitive company data, according to a new report from Aqua Security.
Team Nautilus, the firm’s cybersecurity research team, tracked and analyzed 16,371 attacks between June 2019 and July of this year to compile its new Cloud Native Threat Report.
At the beginning of this year, cyberattacks against cloud systems skyrocketed and Aqua Security recorded a 250 percent increase in the number of attacks when compared to the previous year. During these attacks, cybercriminals tried to gain control over the company’s honeypot servers and deploy a malicious container image on them.
According to Aqua, 95 percent of the malicious container images loaded on its servers were aimed at mining cryptocurrency while the rest were used to establish DDoS infrastructure to launch future attacks.
Based on its analysis of cyberattacks on its honeypot servers over a one-year period, Aqua Security believes that the threat landscape has shifted towards organized cybercrime as opposed to lone actors working independently.
The involvement of organized cybercrime groups is concerning because it has not only led to a spike in attacks but has also raised their complexity. According to Aqua, intrusion methods have become more diversified while malware complexity has also increased. The firm observed malware strains using multi-stage payloads, 64-bit encoding to hide their presence and techniques to disable competing malware from other groups of cybercriminals on the same system.
Head of Team Nautilus Idan Revivo provided further insight on the firm’s report and offered advice for security teams dealing with these increasingly complex threats in a press release, saying:
“The attacks we observed are a significant step up in attacks targeting cloud native infrastructure. We expect a further increase in sophistication, the use of evasion techniques and diversity of the attack vectors and objectives, since the widespread use of cloud native technologies makes them a more lucrative target for bad actors. Security teams are advised to take the appropriate measures both in their pipelines as well as runtime environments, to detect and intercept such attempts.”