Cloud specialist Aqua Security has announced that its Team Nautilus researchers have been tapped by the MITRE ATT&CK team to contribute to the development of the new Container Framework. Aqua’s contributions help to create a foundation for cloud security methodologies and shape the future of container security by illuminating key cloud native security attack vectors and methods observed in the wild by Aqua’s threat research team.
Aqua began sharing insights with the MITRE ATT&CK team in late 2020 on how adversarial behavior in containers can be translated to ATT&CK techniques and sub-techniques. Aqua’s specific contribution included insights on how attackers can use exploits and other methods to build their own malicious images on hosts, accomplish privilege escalation, and evade defenses by, for example, disabling or modifying security tools.
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Team Nautilus focuses on cybersecurity research of the cloud native stack and aims to uncover new vulnerabilities, threats, and attacks in the wild that target containers, Kubernetes, serverless, and public cloud infrastructure — enabling new methods and tools to address them.