Security News > 2023 > June > Aqua Security Study Finds 1,400% Increase in Memory Attacks

Analysis of 700,000 real-world attacks shows how memory attacks evade protections and suggest mitigations.

Threat actors are honing their focus on exploits that evade detection and remain unnoticed within systems, according to Aqua Security's 2023 Cloud Native Threat Report, which examined memory attacks in networks and software supply chains.

The cloud native security firm's research arm, Nautilus, noted a 1,400% increase in memory attacks versus what the company reported in its 2022 study.

According to Aqua Security, Nautilus analyzed 700,000 attacks over the six-month study period on its global network of honeypots.

Assaf Morag, lead threat intelligence researcher for Aqua Nautilus, said the group's discovery of HeadCrab, a Redis-based malware that compromised more than 1,200 servers, shone a light on how memory attacks were evading agentless solutions, which monitor, patch and scan systems remotely.

In a 2018 blog, Josh Fu, currently director of product marketing at endpoint management software company Tanium, explained that memory attacks aim to feed instructions into, or extract data from, RAM or ROM. In contrast to attacks that focus on disk file directories or registry keys, memory attacks are hard to detect, even by antivirus software.

News URL

https://www.techrepublic.com/article/aqua-security-study-increase-memory-attacks/