Aqua Security has published a report showing a continued rise in cyberattacks targeting container infrastructure and supply chains. The report provides a detailed analysis of how bad actors are getting better at hiding their increasingly sophisticated attacks. A massive campaign targeting the auto-build of SaaS dev environments was uncovered. 40% of attacks involved creating backdoors on the host; adversaries are dropping dedicated malware, creating new users with root privileges and creating SSH keys for remote access. Botnets are swiftly finding and infecting new hosts as they become vulnerable: 50% of new misconfigured Docker APIs are attacked by botnets within 56 minutes.
Source: https://www.helpnetsecurity.com/2021/06/24/vulnerable-container-infrastructure/