Software-Container Supply Chain Sees Spike in Attacks

Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure.

Typosquatting and credential stuffing are two of the most common ways that attackers are attempting to target companies' container infrastructure and the Docker-image supply chain, with attacks climbing nearly 600% in the second half of 2020 compared with the same period a year ago. That's according to a report released by cloud-native security provider Aqua Security on June 21.


Many attackers start with reconnaissance, using services such as Shodan (passive, querying pre-indexed scan data) or tools such as Nmap (active probing) to find hosts that expose the Docker daemon or the Kubernetes container orchestration platform, and then attack those services with stolen credentials or known vulnerabilities, according to the report. Another popular technique is typosquatting: publishing images under names that differ from a legitimate image by a character or two, or that pose as vanilla variants of popular base images such as Alpine Linux, in the hope that a developer's typo or careless pull resolves to the attacker's image.
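The typosquatting described above is something a build pipeline can check for before an image is ever pulled. The following is an added example, not code from the article or from Aqua Security's report: it extracts the image references from a constructed Dockerfile, normalizes each one the way Docker's reference parser does (an official image such as `alpine` becomes `docker.io/library/alpine`), and compares the repository against a hypothetical allowlist of trusted images using Levenshtein edit distance. A repository that is not on the allowlist but sits within two edits of a trusted one is reported as a possible typosquat; trusted images that are not pinned to a digest are reported separately, since an unpinned tag is the other way a legitimate name can resolve to the wrong content. The allowlist, the sample Dockerfile and the all-zero digest are constructed for the example.

```python
"""Flag Docker base images that look like typosquats of trusted images.

Added example for the article above; not from the article or Aqua's report.
The allowlist, the sample Dockerfile and the digest are constructed.
"""
import re
from dataclasses import dataclass

# Hypothetical allowlist of trusted repositories, in normalized form.
TRUSTED_REPOS = {
    "docker.io/library/alpine",
    "docker.io/library/python",
    "docker.io/library/node",
    "registry.example.com/platform/app-base",
}

# Maximum edit distance for a "looks like a trusted image" verdict.
MAX_DISTANCE = 2

# Constructed sample Dockerfile. The sha256 digest is a placeholder, not a real image digest.
SAMPLE_DOCKERFILE = """
FROM alpine:3.18
FROM alpnie:3.18
FROM python:3.11-slim@sha256:0000000000000000000000000000000000000000000000000000000000000000
FROM pyhton:3.11
FROM libary/alpine:latest
FROM registry.example.com/platform/app-base:1.2 AS build
FROM ubuntu:22.04
"""


@dataclass(frozen=True)
class ImageRef:
    repo: str    # normalized repository, e.g. docker.io/library/alpine
    tag: str     # "latest" when the reference carries no tag
    digest: str  # "" when the reference is not pinned to a digest


def normalize(ref: str) -> ImageRef:
    """Normalize an image reference the way Docker's reference parser does."""
    digest = ""
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    tag = "latest"
    name, sep, last = ref.rpartition(":")
    # A colon separates a tag only if it comes after the last slash;
    # otherwise it is a registry port (registry.example.com:5000/...).
    if sep and "/" not in last:
        ref, tag = name, last
    parts = ref.split("/")
    first = parts[0]
    has_registry = len(parts) > 1 and ("." in first or ":" in first or first == "localhost")
    if not has_registry:
        parts = ["docker.io"] + parts
    if len(parts) == 2 and parts[0] == "docker.io":
        parts.insert(1, "library")  # official images live under library/
    return ImageRef("/".join(parts), tag, digest)


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_from_lines(dockerfile: str) -> list[str]:
    """Return the image reference from every FROM instruction (skips --platform and AS alias)."""
    refs = []
    for line in dockerfile.splitlines():
        m = re.match(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)", line, re.IGNORECASE)
        if m:
            refs.append(m.group(1))
    return refs


def audit_image(ref: str) -> tuple[str, str]:
    """Return (verdict, detail) for one image reference.

    Verdicts: ok (trusted and digest-pinned), unpinned (trusted, tag only),
    typosquat (near miss of a trusted repo), untrusted (not on the allowlist).
    """
    img = normalize(ref)
    if img.repo in TRUSTED_REPOS:
        if img.digest:
            return "ok", img.repo
        return "unpinned", f"{img.repo}:{img.tag} has no digest; pin with @sha256:<digest>"
    nearest = min(TRUSTED_REPOS, key=lambda t: levenshtein(img.repo, t))
    dist = levenshtein(img.repo, nearest)
    if dist <= MAX_DISTANCE:
        return "typosquat", f"{img.repo} is {dist} edit(s) from trusted {nearest}"
    return "untrusted", f"{img.repo} is not on the allowlist"


def audit_dockerfile(dockerfile: str) -> dict[str, str]:
    """Map every FROM reference in a Dockerfile to its verdict."""
    return {ref: audit_image(ref)[0] for ref in parse_from_lines(dockerfile)}


if __name__ == "__main__":
    for ref in parse_from_lines(SAMPLE_DOCKERFILE):
        verdict, detail = audit_image(ref)
        print(f"{verdict:10s} {ref:60s} {detail}")
```

Comparing the full normalized path rather than just the final name component matters: a lookalike namespace such as `libary/alpine` is one edit from `library/alpine` and is caught, while an exact-name image under an unrelated namespace (`someuser/alpine`) falls through to "untrusted", which is the correct verdict for a repository nobody has vetted. The same allowlist-plus-distance check works for `image:` fields in Compose files and Kubernetes manifests once the reference string has been extracted.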


When attackers gain access, they most often install cryptominer software or attempt to escape the container and compromise the host system, says Assaf Morag, lead data analyst at Aqua Security.


"Attackers are constantly looking for new techniques to exploit containers and [Kubernetes]," he says. "They usually find initial access to these environments, then try to escape to the host and collect credentials, insert backdoors, and scan for more victims."


As companies move more of their infrastructure to the cloud, attackers have followed. A study of the publicly available images on Docker Hub conducted late last year found that 51% of the images had critical vulnerabilities and approximately 6,500 of the 4 million latest images — about 0.2% — could be considered malicious. 


In addition, the developers who creat ..
