Aqua News Aqua Security Surfaces Attacks on Container Platforms

Aqua Security has discovered a wave of cybersecurity attacks that abuse automated build processes to hijack resources from software development environments such as Docker Hub, GitHub, Travis CI and Circle CI to mine cryptocurrencies.

Assaf Morag, lead data analyst at Aqua Security, says some of the attacks were traced to 11 GitHub accounts that were used to create 51 GitHub projects that were masquerading as popular software projects including nginx, okular, openssh, openvpn, seahorse, nautilus and zookeeper. At the same time, researchers over the course of a few hours also discovered 56 Docker Hub accounts also using the names of popular software. During the build process, these container images proceeded to download a cryptominer from a single GitHub repository.

Need to secure enterprise workloads?

Aqua Cloud Native Application Protection Platform (CNAPP)

Go cloud native with the experts!

Get Demo

Aqua Security

Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.

Use Cases

Environments

Partners

Products

Get Started