The pandemic has ushered in a new digital age, the acceleration of digital transformation programmes and increased reliance on cloud services. Digital leaders are forced to tackle a constantly changing threat landscape with cyberattacks on the rise. In fact, last November, the UK National Cyber Security Centre, reported that it had protected the country from 723 cyber “incidents” in the 12 months to 31st August 2020. Given the “increased attack surface”, there are now multiple entry points for cybercriminals to target and security teams need to adapt quickly. In containers specifically, we see that the volume and level of sophistication is constantly raising (latest data shows a 26% increase in container attacks in the second half of 2020). How can we keep up?
Cloud security and advanced techniques
As cloud native technologies become cheaper, easier to use, and more available, consequentially they are more widely adopted by organizations. In addition, the Cloud Service Providers, such as Amazon, Microsoft, Google and others, are innovating at cloud speed. This means that new and updated services are introduced on a weekly basis. But it comes with a cost.
Fast development opens the door to vulnerabilities – with such high frequency that they are detected on daily basis. In addition, while cloud native technologies make development easy, they can also lead to more mistakes, such as misconfigurations. Keeping up with the security implications of these changes requires a dedicated team of experts who continue to learn and adapt their tools and best practices. Attackers never rest. They always try finding new ways to exploit these systems and human errors.
To better understand the cloud native threat landscape, in 2021 Aqua’s Team Nautilus published the industry’s first cloud threat report based on thousands of attacks in the wild. Since then, the team continues its commitment to discovering novel attacks and the use of new sophisticated techniques in the cloud.
As part of Digital Leaders Innovation Week, Team Nautilus’ Threat Intelligence Lead, Assaf Morag, can provide some insight into the constantly changing threat landscape and further explain the sophisticated techniques. Through a variety of case studies and real-world attacks, attendees will get a glimpse into:
• The evolution of fully automated attacks.
• Common attack types in the cloud such as packing files, running form memory, and using obfuscation in attacks.
• Examples of what APT-grade weapons look like in cloud native.
• Best practices and tips for leaders to implement into their organisations.
Additionally, Digital Leaders can walk away with a better understanding of the types of technologies to monitor and control all the digital assets of the organisation and why to prioritize hiring experienced practitioners who are focused on these new and advanced technologies.
Assaf is a Lead Threat Intelligence and Data Analyst at Aqua. As part of Team Nautilus, Aqua's research team, his work focuses on supporting the data needs of the team, obtaining threat intelligence and helping Aqua and the industry stay on the forefront of new threats and methodologies for protection. His work has been published in leading infosecurity publications and journals across the globe and most recently he contributed to the new MITRE ATT&CK Container Framework.
Team Nautilus focuses on cybersecurity research of the cloud native stack. Its mission is to uncover new vulnerabilities, threats and attacks that target containers, Kubernetes, serverless, and public cloud infrastructure – enabling new methods and tools to address them.
Example of recent threat reports: