Criminals are having a field day with misconfigured containers, installing cryptocurrency miners and various backdoors without breaking a sweat. According to a new report from Aqua Security Software, it takes less than an hour to compromise vulnerable software container infrastructure.
As reported by Silicon Angle, attackers are using bots to target misconfigured Docker APIs and are capable of gaining access in roughly 56 minutes.
Most of the time, attackers are looking to install cryptominers, which leverage the available computational power to mine cryptocurrencies. More than 90 percent of the malicious images found executed scripts that hijack computational resources.
Two in five (40 percent), meanwhile, deployed backdoors that acted as the first step in a multi-stage attack. In these instances, attackers often seek to create new user accounts with elevated privileges, as well as SSH keys for remote access.
Aqua Security also said it found a major campaign that targets the auto-build of SaaS development environments.
“This has not been a common attack vector in the past, but that will likely change in 2021 because the deployment of detection, prevention and security tools designed to protect the build process during CI/CD flow is still limited within most organizations,” said Assaf Morag, Lead Data Analyst.