The vast majority of cyber attacks on cloud servers aim to mine cryptocurrency

   2020-09-14 12:09


An analysis of one year's worth of cyber attacks recorded on cloud honeypot servers reveals that the vast majority of hackers target cloud infrastructure with the aim of deploying crypto-mining malware rather than exfiltrating sensitive corporate information, setting up DDoS infrastructure, or pursuing other forms of cybercrime.

According to Aqua Security’s Cloud Native Threat Report 2020, which monitored and analyzed 16,371 attacks between June 2019 and July 2020, attacks against cloud systems exploded earlier this year, when the company recorded a 250% increase in attacks compared to the previous year.

During these attacks, hackers tried to gain control over honeypot servers and then download and deploy a malicious container image.

Aqua said 95% of these images were aimed at cryptocurrency mining, while the rest were used to set up DDoS infrastructure, something that wasn’t a common occurrence until recently.

“Our analysis suggests that the threat landscape has shifted towards organized cybercrime, which is investing in infrastructure,” Aqua said.

The involvement of organized cybercrime groups has not only led to a spike in attacks, but has also increased the complexity of these intrusions.

Intrusion methods have diversified and the malware has grown more complex, Aqua said.

Beyond scanning the internet for cloud servers exposed online without passwords, exploiting vulnerabilities in unpatched systems, and running brute-force attacks, hacker groups have recently begun orchestrating supply chain attacks.

These are attacks in which hackers insert malware into normal-looking container / server images that they upload to public registries.

Aqua Security claims that malware stored within these malicious containers only kicks in and performs malicious actions after the image has been deployed, making it impossible to detect malicious payloads using static analysis or signature-based security systems.

This has led to more groups adopting supply chain attacks as a way to target companies running cloud infrastructure.

Furthermore, malware is becoming more and more complex, slowly approaching the complexity of malware that targets desktops. Aqua claimed to have seen strains of malware that use multi-stage payloads, Base64 encoding to hide their malicious code, and techniques to disable competing malware on the same system.

All of this suggests a maturing cybercrime scene that is primarily focused on revenue generation, and the easiest way to generate revenue is to mine cryptocurrency (Monero) on hacked servers.

For more details on attacks targeting cloud infrastructure, refer to Aqua Security’s 71-page Cloud Native Threat Report.

