A major cloud security firm has detected a surge in DDoS and crypto attacks on container-based cloud infrastructures. The company has seen an increase of 3.5 times in the number of these types of attacks compared with the same period last year. DDoS attacks on container-based cloud infrastructures have surged this year, according to a major cloud security firm. The company has detected an increase of three times the number of these types of attacks in comparison with the same period last year. “We’re now seeing up to 3.5x more widespread DDoS activity in 2018 than during the previous quarter, which is a dramatic increase from what we’ve observed over the past few years,
DDoS attacks have been on the rise recently. The most common type is cryptojacking, though. This kind of attack is especially problematic in container-based cloud environments as they need to be packed together with unsecured members for efficiency. Geopolitical factors are also a major cause for concern, as Russia’s war against Ukraine led to a fourfold increase in DDoS attacks.
Cloud computing is becoming more popular, and as containerization gets used more in cloud-based systems, containers also become an increasingly important attack vector. According to the Cloud Native Threat Report from 2022, containers are an increasing concern for supply chain attacks.
“Containers are great for developers because they allow people to share their work and therefore cut down on the amount of time they have to spend communicating with others.” In conclusion, several open source projects are available to help you deploy your registry. They also offer free access to registries to share your images.
Public container repositories might contain malicious images
The frequency and variety of malicious containers on public repositories such as Docker Hub are alarmingly high. These containers may contain cryptominers, backdoors or other exploit vectors, which makes it difficult to distinguish them from legitimate software applications, according to the firm, which offers container and cloud security products.
The attackers’ primary motivation is cryptojacking: the unauthorized use of computing infrastructure to mine cryptocurrency. This usually happens because of critical vulnerabilities and weak configurations, which attackers exploit.
Some experts were worried about the high prevalence of cryptojacking but more recent studies suggest that it has a low risk and a high reward, which is why the trend is likely to continue. If a user’s laptop uses $53 worth of compute resources, they can expect to see a profit of $1. The firm made this calculation based on an activity analysis of TeamTNT as well as the cost to mine crypto in various countries.
A simple search for ‘mining bitcoin on aws’ shows that it will cost about $2.433 per hour to mine an ether token if you purchase an AWS instance for $0.129 per hour, so the question is: How much does it cost to mine 1 ether token at a time?
The cost to the attacker is near zero, while the victim ends up footing the expensive cloud infrastructure bill.
Russia-Ukraine conflict has led to an increase in DDoS attacks.
There have been a lot of DDoS attacks that use containers since the start of the Russian invasion of Ukraine.
Recent data reveals that 150,000 volunteers have joined anti-Russian DDoS campaigns by using container images from Docker. The report also states that the goals of disrupting IT infrastructure and utilities have led to a fourfold increase in DDoS attacks between 4Q21 and 1Q22. Hacking groups have been attacking for years and have a variety of targets. They go after anyone who doesn’t seem to be on board with their values, and attack any unsecured network they can find and use as leverage in their attacks.
On the other side, a Russia-related hacker group called Killnet launched several DDoS attacks on NATO countries. These include, but are not limited to, websites in Italy, Poland and Estonia; they also targeted Ukraine and the United States.
The purpose behind the attacks on NATO countries by the pro-Russian hacktivist group, Killnet, is unclear. These DDoS attacks can be considered a form of cyber warfare. One speculation is that this is an attempt to distract from Russia’s involvement in recent cyber-attacks and protests that occurred in Ukraine.
Since sites are becoming more popular and relying on cloud hosting these days, it’s unsurprising to see that DDoS protections have become commonplace.
Security software and firewalls still leave gaps, which is why containers full of DDoS software are so alluring to hackers. They can target major websites without even entering the premises.
Securing cloud systems
Having a layered defense approach is the best way to prevent these attacks on cloud-based data. “In order to protect you and your business from cybercriminals, it’s important to implement security measures like vulnerability & permissions management.”
David is suggesting that machine-learning-based cryptominer detection should be used to alert security teams and block any attacks that make it through.
For cryptominer attacks, access control via IAM and CIEM technology makes it very difficult for an attacker to provision instances impersonating the user.