Spyderbat’s Container Security Predictions for 2023
As companies race to maintain a competitive pace of application development and deployment – while increasingly relying on third-party microservices – they inevitably expose their systems to a wider variety of threats. Following two years of rushed cloud adoption precipitated by the shift to remote work, cybercrime has spiked year-over-year continuously since 2020, with incidents in 2021 coming in 68% over 2020 totals and Q3 data from 2022 projecting higher totals by the end of the year.
As development environments have changed radically in recent years, moving to multi-cloud, container-heavy architectures, so have the most common and potentially damaging threat vectors. The majority of today’s hackers, 64%, need less than five hours to breach and collect data from most cloud environments. Here are five highly leveraged threat types developers should be on guard against.
1. Cloud Misconfigurations
With 90% of today’s enterprises running on multi-cloud architectures – containing on average 5-6 public and private clouds – potential vulnerabilities in the form of misconfigurations abound. According to recent studies, 80% of cloud data breaches originate with manual misconfiguration or oversight. Commonly exploited misconfigurations include:
Unrestricted inbound and outbound ports
Secrets such as passwords, admin credentials, and encryption and API keys stored on compromised servers, embedded in HTML, or committed to GitHub repositories
Monitoring and logging tools left in their disabled default state
2. Credential Mismanagement
Multi-cloud environments rely on dozens of different application tools, microservices, and privileged accounts. Developers working in such systems often need unique keys and passwords for every application-to-application and application-to-database connection. Without automated credential management, users naturally drift, two-thirds of the time, toward easily cracked mnemonic or reused passwords. Requiring automatically generated and managed credentials can largely eliminate the risk of cracked keys and passwords.
3. Supply Chain Vulnerabilities
Attacks on the software supply chain, meaning the various libraries, open-source components, and other third-party tools used to develop modern applications, tripled in 2021. At the same time, developers have grown increasingly reliant on dependencies and code they didn’t write: as much as 85% of codebases in large enterprises. According to CISA, the most prevalent supply chain attack techniques are:
Compromising open-source components
Undermining code signing
4. API Vulnerabilities
APIs are indispensable for integrating modern cloud applications. Modern applications may connect to hundreds of APIs, many provided by third-party vendors. Because API vulnerabilities are commonly documented in publicly accessible sources, they are low-risk/high-reward targets for attackers. According to recent data, the top security risks of APIs are:
Broken object-level authorization
Excessive data exposure
Broken user authentication
Lack of resources and rate limiting
Lack of input validation against injection attacks
5. Social Engineering Vulnerability
Social engineering saw an uptick in 2022; successful attacks included phishing for credentials and for accounts protected by multifactor authentication (MFA). Attacks on Okta and Uber involved spoofed websites and fraudulent messages to convince employees to hand over MFA credentials. These incidents should remind organizations that even hardened authentication processes cannot eliminate threats posed by human error.
Runtime Security with Spyderbat
Navigating the modern software threat landscape pulls security resources in different directions, simultaneously trying to monitor a radically expanded attack surface while working to master manual cloud and container configurations. To counter these concerns, organizations need reliable security and visibility at runtime. Spyderbat’s cloud native runtime security platform enables live and historic visibility into precisely what’s happening in and across cloud workloads and containers, allowing developers to instantly identify runtime deviations.
In pre-production, Spyderbat monitors what actually occurs at runtime, allowing developers to catch unexpected workload behavior changes introduced by code updates or third-party components. For example, developers can see what actually happens when a third-party script or component runs, and address any unanticipated behaviors (network connections, processes, or file handles) before release.
Additionally, Spyderbat’s runtime intrusion prevention protects against known vulnerabilities, allowing developers to apply patches according to the development schedule rather than as an emergency hotfix. The reduced context switching enables developers to maintain or even increase velocity by planning their patching into suitable iterations.