According to a report published this week by Aqua Security, attacks on cloud systems have grown by a record 250% over the past year. Interestingly, such attacks are most often carried out to mine cryptocurrency (most often Monero), rather than to steal confidential information, build infrastructure for DDoS attacks, and so on.
Experts write that between June 2019 and July 2020 they detected and analyzed 16,371 cloud attacks. That is how many times hackers tried to break into the company's decoys and then download and deploy malicious container images to them.
Almost 95% of the attacks studied were carried out to mine cryptocurrency, and the remainder were mainly related to DDoS infrastructure. The researchers note that the cloud attack landscape has changed over the past year, with organized crime groups increasingly opting to invest in infrastructure.
The complexity of attacks has changed as well: whereas cybercriminals previously scanned the Internet for unprotected cloud servers, exploited known vulnerabilities and preferred brute force, hack groups now often organize sophisticated supply chain attacks. For example, cybercriminals put malware in regular container images and upload them to public resources.
Aqua Security analysts note that such malware only begins to act after the image is deployed, which means that the payload is extremely difficult to detect using static analysis or signature-based security mechanisms.
It is not only the attacks that are becoming more complex, but also the malware that hackers use. The report states that the complexity of this malware is already comparable to that of malware for desktop systems. In particular, experts have already encountered payloads triggered in stages, malware with 64-bit encryption, as well as threats that effectively disabled and eliminated the “products” of competing hack groups.