In 2020, our Nautilus research team saw yet more attacks targeting the cloud native supply chain and infrastructure. These security threats, including fileless malware in containers, taking advantage of misconfigured Docker API ports, and using container images for attacks are, admittedly, relatively unsophisticated. However, despite this lack of sophistication they are still successful, and it drives home the fact that there are still so many common security oversights which bad actors can take advantage of.
To date, the most commonly observed goal of bad actors has been to hijack compute cycles for cryptomining. However, we are beginning to see the trajectory changing and, with more container take up in enterprises, prizes will be greater and more sophisticated attacks will not be far behind.
