Stopping a DreamBus Botnet Attack with Aqua’s CNDR

Aqua Cloud Native Blog \ Tags: Security Threats

SECURITY RESEARCH
Stopping a DreamBus Botnet Attack with Aqua’s CNDR
We recently came across a real-life scenario that is very common for organizations. A developer with admin access launched a cloud native application but made a mistake and misconfigured it with weak credentials. Just 12 hours later, the environment was attacked by the DreamBus botnet, which proceeded to evade defenses and run Kinsing malware and …
Read more
SECURITY RESEARCH
Threat Alert: Tracking Real-World Apache Log4j Attacks
This blog was co-authored with Ori Glassman, a security researcher at Aqua Security Until last week, Log4j was just a popular Java logging framework, one of the numerous components that run in the background of many modern web applications. But since a zero-day vulnerability (CVE-2021-44228) was published, Log4j has made a huge impact on the …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
CVE-2021-44228 aka Log4Shell Vulnerability Explained
Log4Shell, a new, critical zero-day vulnerability that crashed onto the scene last Friday, shows how issues that are hidden in seemingly basic functionality can have major repercussions for enterprise security. When the dust settles from the immediate incident response and remediation, organizations should assess how they can improve their detection and responses, because this vulnerability …
Read more
SECURITY RESEARCH
RATs in the Cloud: Kubernetes UI Tools Turn into a Weapon
Threat Alert
For many years, threat actors have been using legitimate remote access tools (RATs) in their campaigns, tricking users into installing them to get full control over the victims’ systems. Similarly, in the cloud native world, attackers are increasingly targeting user interface (UI) tools to gain access to Docker and Kubernetes instances. In this blog, we’ll …
Read more
SECURITY RESEARCH
Tracee Runtime Security Series: Writing Custom Tracee Rules
As an open source runtime security tool, Tracee provides a base rule set that can detect a variety of attacks. However, there’s often the need to add new rules either to contribute to the project or to provide specific rules for your environment. Because Tracee allows for new rules to be written in Rego and …
Read more
SECURITY RESEARCH
Threat Actors Using release_agent Container Escape
Threat Alert
Earlier this year, Aqua’s Team Nautilus detected a cryptocurrency mining campaign targeting our honeypots. As part of the campaign, the threat actors used a container escape technique that leverages the CGroup release_agent feature. This technique allows an attacker to break out from the container and compromise the host and, potentially, the entire network of an organization. …
Read more
SECURITY RESEARCH
The Great Escape: A Blast Radius Analysis of Container Attacks
In 2021, container attacks have been on the rise. We observed numerous attacks that were designed to escape container environments to the underlying host, increasing the impact of the attack. But how much damage can be caused when an attacker manages to escape a container? To answer this question, we conducted an analysis of real-world …
Read more
SECURITY RESEARCH
Azurescape: What You Need to Know
Microsoft recently disclosed a security vulnerability in its Azure Container Instances (ACI) service, referred to as Azurescape. No actual exploitations were reported and, thankfully, no Azure customers were affected by this vulnerability. To clear any doubts around risks to current environments, in this post we will examine the anatomy of a possible attack leveraging Azurescape …
Read more
SECURITY RESEARCH
Threat Alert: Supply Chain Attacks Using Container Images
Team Nautilus, Aqua Security’s threat research team, has uncovered several supply chain attacks that use malicious container images to compromise their victim. These five container images were found on Docker Hub, which we scan daily for signs of malicious activity. The images hijack organizations’ resources to mine cryptocurrency and can be used as part of …
Read more
SECURITY RESEARCH
Cloud Native Threat Report: How Quickly Will You Be Attacked?
The cloud native threat landscape is evolving fast, with 50% of vulnerable targets getting attacked within only one hour. While adversaries are constantly advancing their techniques to craft more sophisticated and targeted attacks, organizations are leaving themselves exposed. Aqua’s 2021 Cloud Native Threat Report analyzes attacks observed in the wild and identifies major trends in …
Read more
SECURITY RESEARCH
Supply Chain Attacks and Cloud Native: What You Need to Know
The past couple of years have seen a rise in software supply chain attacks, with the most salient example being the Solarwinds attack. As production environments have gained multiple layers of protection, and much of the attention of security teams, malicious actors have set their sights on “poisoning the well”, i.e., target where applications are …
Read more
SECURITY RESEARCH
Mapping Risks and Threats in Kubernetes to the MITRE ATT&CK Framework
In April, MITRE published the ATT&CK matrix for Containers covering adversarial techniques that target container technologies. At Aqua, we were proud to support this effort by sharing our knowledge and helping refine and extend the matrix. As for the risks in Kubernetes, Microsoft created a framework for Azure-based environments (AKS), but what about vanilla K8s? …
Read more
Page 7 of 10‹ Prev345678910Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links