Aqua Security: 50% of new Docker instances attacked within 56 minutes

Aqua Security's 2020 Cloud-Native report revealed that botnets attack fifty percent of newly configured Docker instances within 56 minutes. According to the cloud native security company, it takes five hours for an attacker to scan a honeypot.

Aqua Security pointed out that crypto mining was the most common attack. This may have been perceived more as a nuisance than a serious threat. Backdoors were used to gain access to victims' networks and environments in 40% of attacks. Backdoors could be enabled by installing malware or by creating new users with root privileges. Over 36% of all attacks used worms to detect and infect new victims.

Adversaries continue to search for new ways of attacking cloud native environments. Aqua Security found that they are looking for port 2375 (unencrypted Docker connections) and other ports related to cloud native services. Campaigns were launched against supply chains, the autobuild process of code repositories and registries, as well as CI service providers. Attacks through Docker Hub or GitHub were also possible. To trick developers into downloading malicious container images or code packages, adversaries used typo-squatting, misspelling the names of popular public projects.

Attackers are expanding their arsenals to avoid detection.

Aqua Security's Dynamic Threat Analysis (DTA), which is powered by the open-source project Tracee, was used for the analysis in the report. The software allows users to perform runtime security analysis and forensics in a Linux environment with eBPF (a Linux firewall framework). To map the entire attacker arsenal, from Initial Access to Data Exfiltration and everything in between, the attackers' techniques were classified using the MITRE ATT&CK framework.

Aqua's team observed that botnets quickly find and infect new hosts, as they become more vulnerable, between June 2019 and December 2020. The team discovered 17,358 honeypot attacks that were more sophisticated in terms of privilege escalation and persistence. The average attack rate also increased, from 12.6 per hour in the second half of 2019 to 77 per hour in the first half of 2020. The average number of attacks per day was 97.3 by the end of the second half of 2020.

Aqua Security's complete Cloud Native Threats Report and detailed attack analysis is available.
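
Because the report singles out port 2375 (unencrypted Docker connections), the following added example, which is not from Aqua Security or the report, audits a Docker `daemon.json` for TCP listeners that lack client-certificate verification. The two sample configurations and the certificate paths are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample configs (not taken from the report).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",           # placeholder paths
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
NO_AUTH = "TCP listener without tlsverify: API accepts unauthenticated clients"
ODD_PORT = "TLS listener on 2375, conventionally the plaintext port"


def audit_daemon_config(text):
    """Return (severity, host, message) findings for a daemon.json document."""
    cfg = json.loads(text)
    # "tls" alone only encrypts; "tlsverify" also requires a client certificate.
    mutual_tls = bool(cfg.get("tlsverify"))
    findings = []
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are not network-reachable
        addr = url.hostname or "0.0.0.0"  # "tcp://:2375" binds every interface
        # Docker defaults to 2375 without TLS and 2376 with TLS if no port is given.
        port = url.port or (2376 if mutual_tls else 2375)
        if not mutual_tls:
            severity = "warning" if addr in LOOPBACK else "critical"
            findings.append((severity, host, NO_AUTH))
        elif port == 2375:
            findings.append(("info", host, ODD_PORT))
    return findings


if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_daemon_config(sample) or "no findings")
```

The same check applies to `-H`/`--host` values passed on the `dockerd` command line, which this example does not parse.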