Security News > 2021 > April > Cloud-native watering hole attack: Simple and potentially devastating

As cloud technologies become more varied and omnipresent and as cloud stacks become increasingly modular and layered, we're going to see a higher rate of full-on attacks.

This clearly meets a critical need, but also opens up potential security compromises, including cloud-native watering hole attack risks.

We also surely remember that in July of last year, cloud communications PaaS provider Twilio uncovered a nasty surprise: its cloud storage systems had been breached, and a copy of a JavaScript SDK had been modified.

What if attackers compromise the container registry and upload a malicious container image with a backdoor embedded inside it? This will provide direct access into the cloud-native environment-and that's the template for a cloud-native watering hole attack.

Security must be codified into all layers of the cloud stack to identify and fix misconfigurations before cloud infrastructure is provisioned.

Again, a cloud-native watering hole attack represents only one strain of digital threat, but it's disarmingly simple, potentially devastating and increasingly common.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/apyADshAczI/