SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Application Security
#
Cloud Security
#
Cybersecurity
Major surge in memory-based attacks as hackers evade traditional cloud security defences
Thu, 6th Jul 2023
Author image
By Shannon Williams, Journalist
Follow us

There has been a major surge in memory-based attacks as hackers evade traditional cloud security defences, according to a new report.

Cloud native security firm Aqua Security has published its 2023 cloud native threat report, which summarises research and observations by Aqua Nautilus researchers.

Based on analysis of actual attacks in the wild, the report provides security practitioners insight into threat actors’ changing tactics, techniques and procedures in order to better protect their cloud environments.

The report covers three key areas: software supply chain; risk posture, which includes vulnerabilities and misconfigurations; and runtime protection.

Of the many findings, one of the most significant demonstrates that threat actors are heavily investing resources to avoid detection to establish a stronger foothold in compromised systems.

Nautilus research found that, compared to findings in the 2022 report, there has been a 1,400% increase in fileless or memory-based attacks, which exploit existing software, applications, and protocols to perform malicious activities.

In fact, threat actors are using many techniques to conceal their campaigns. Aggregated honeypot data collected over a six-month period showed that more than 50% of the attacks focused on defence evasion.

These attacks included masquerading techniques, such as files executed from /tmp, and obfuscated files or information, such as dynamic loading of code. These findings illustrate the critical importance of runtime security.

“Threat actors are more heavily focused on and increasingly successful at evading agentless solutions,” says Assaf Morag, lead threat intelligence researcher for Aqua Nautilus.

“The most persuasive evidence of this was our discovery of HeadCrab, the extremely sophisticated, stealthy, Redis-based malware that compromised more than 1,200 servers," he says.

“When it comes to runtime security, only agent-based scanning can detect attacks like these that are designed to evade volume-based scanning technologies, and they are critical as evasion techniques continue to evolve.”

The report also highlights Nautilus research into software supply chain risk. It illustrates various areas in the cloud software supply chain that can be compromised and pose a significant threat to organisations.

In one specific use case, Nautilus demonstrates the implications of misconfigurations in the software supply chain and how they can lead to critical threats. This is significant because organisations of all sizes are at risk for misconfigurations and even minor misconfigurations can have a serious impact.

Ultimately, the research shows that protecting workloads with tools that understand how to interpret attacks on cloud runtime environments is crucial for ensuring the security and integrity of business data and applications.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
AI tools linked to data exposure in 1 in 5 UK organisations
Trend Micro introduces AI-driven cyber risk management features
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Record ransomware attacks in March 2024, report finds