In brief

  • A report by Aqua Security points to a rise in cloud server attacks in 2020.
  • Hijacked cloud resources are mainly being used to mine cryptocurrency.
  • Sophisticated evasion techniques are enabling the rise in attacks.

Cloud infrastructure attacks are becoming more sophisticated all the time, and according to a new security report, the majority of them have one major goal: mining cryptocurrency.

A new report issued today by Aqua Security’s cybersecurity-centric Team Nautilus, entitled “Evolution of Attacks in the Wild on Container Infrastructure,” relayed the results of extensive research and testing into the growing trend of attacks on cloud servers.

According to a release, there is a “growing, organized and increasingly sophisticated pattern of attacks on cloud native infrastructure.” And while the majority of the tracked attackers sought to use cloud computing resources to mine crypto, the release adds that the “methods used open the door for higher-value targets that leverage security gaps in container software supply chains and runtime environments.”


Aqua Security traced cloud infrastructure attacks for a full year, tracking more than 16,000 individual attacks back to various international locations. The report adds that there has been a dramatic uptick in such attacks since the start of 2020, suggesting an organized and systematic approach.

“The attacks we observed are a significant step up in attacks targeting cloud native infrastructure,” said Team Nautilus head Idan Revivo, in a release. “We expect a further increase in sophistication, the use of evasion techniques and diversity of the attack vectors and objectives, since the widespread use of cloud native technologies makes them a more lucrative target for bad actors.”

The report suggests that “sophisticated evasion techniques” are being deployed, including using “vanilla” images that seem to be uncompromised, disabling other resource-draining malware, having time-delayed downloads for payloads, and using 64-bit encryption.

According to the report, about 95% of the attacks were aimed at mining cryptocurrency, and the total number of attacks jumped up 250% year-over-year.


This isn’t the first time we’ve heard about malicious attacks on servers with the aim of mining crypto. Earlier this year, security firm Guardicore issued a report about an active malware campaign that was hijacking Microsoft SQL Server (MS-SQL) machines globally to mine Monero and Vollar. It also noted that some attacks sought to disrupt other malware on hijacked systems, in order to fully command system resources.

Additionally, in January, a security researcher discovered a crypto mining botnet on a United States Department of Defense server, with Monero mining again the key aim.

Stay on top of crypto news, get daily updates in your inbox.