Aqua Blog

Secure Your Containers from DreamBus Botnet with Aqua Runtime Protection

Aqua’s robust container security solution provides multiple ways to protect against the DreamBus Botnet, the simplest being Drift Prevention. Because every environment is unique, Aqua’s Drift Prevention policy is flexible: you can set it to Audit mode for detection only or to Enforce mode for automatic blocking.

Step-by-Step Guide

1. Enable Runtime Protection

In the Aqua Console, go to Workload Protection Runtime Policy. 

2. Define Runtime Policies

Click Add a Policy (top right) and select Container Runtime. 

3. Enable Drift Prevention

Set it to Audit to detect, or to Enforce to automatically block, unauthorized changes to binaries, processes, or file systems.

Aqua Drift Prevention Runtime Policy
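
To make the Audit/Enforce distinction concrete, here is a simplified model of a drift check, added as an illustration and not Aqua's implementation. It assumes drift is decided by comparing each executed file against a SHA-256 digest recorded from the image; the function names, paths and file contents are constructed for the example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Verdict:
    path: str
    reason: str    # "not-in-image" or "modified"
    blocked: bool  # True only in enforce mode

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def build_baseline(image_files):
    """Record a digest for every executable shipped in the image."""
    return {path: digest(content) for path, content in image_files.items()}

def check_exec(baseline, path, content, mode):
    """Return None when the file matches the image, else a Verdict."""
    if mode not in ("audit", "enforce"):
        raise ValueError(f"unknown mode: {mode}")
    expected = baseline.get(path)
    if expected is None:
        reason = "not-in-image"      # file appeared after the container started
    elif expected != digest(content):
        reason = "modified"          # image binary was replaced in place
    else:
        return None
    return Verdict(path, reason, blocked=(mode == "enforce"))

def evaluate(baseline, exec_events, mode):
    """Check a sequence of (path, content) exec attempts; keep only drift."""
    verdicts = (check_exec(baseline, p, c, mode) for p, c in exec_events)
    return [v for v in verdicts if v is not None]

# Constructed sample data: two binaries in the image, three exec attempts.
IMAGE = {"/usr/bin/db-server": b"db-server v1", "/bin/sh": b"shell v1"}
EVENTS = [
    ("/usr/bin/db-server", b"db-server v1"),      # unchanged, allowed
    ("/tmp/dropped-binary", b"unknown payload"),  # added after start
    ("/bin/sh", b"shell v1 patched"),             # replaced in place
]

if __name__ == "__main__":
    baseline = build_baseline(IMAGE)
    for mode in ("audit", "enforce"):
        for v in evaluate(baseline, EVENTS, mode):
            action = "BLOCK" if v.blocked else "ALERT"
            print(f"[{mode}] {action} {v.path}: {v.reason}")
```

In audit mode the same two drift events are reported but nothing is stopped, which is why Audit suits an initial rollout and Enforce suits workloads whose images are known to be immutable.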

For more prevention and remediation strategies, including Aqua’s behavioral detection capabilities, visit our Support Portal.

Real Customer Experience: DreamBus Botnet Incident

A DevOps team launched their cloud native app, confident after following best practices: scanning container images for vulnerabilities, running dynamic analysis in isolated environments, and using CSPM tools to identify configuration risks.

Although some low- and medium-severity vulnerabilities were found in the web UI and microservice, they were disregarded because their impact was negligible and compliance requirements were satisfied. Dynamic scanning didn’t reveal any issues, and CSPM flagged only minor, expected configurations. Yet, within 12 hours, the DreamBus botnet exploited an exposed database with weak credentials.

Despite adhering to best practices, a misconfiguration exposed a database with weak credentials (e.g., “123456”). While static scans, dynamic analysis, and CSPM tools are vital, they don’t detect weak application-level passwords. To truly secure your cloud native applications, you need continuous runtime protection and proactive security policies that catch what other tools miss.

Don’t wait for an attack to reveal the gaps!

Contact your Aqua Sales Representative or Customer Success Manager today to learn how you can strengthen your container security and prevent real-world attacks.

For more detailed information about the DreamBus Botnet, read our blog: Stopping a DreamBus Botnet Attack with Aqua’s CNDR.