Aqua Security announced that its Team Nautilus researchers were tapped by the MITRE ATT&CK team to contribute to the development of the new Container Framework. Aqua’s contributions help to create a foundation for cloud security methodologies and shape the future of container security by illuminating key cloud native security attack vectors and methods observed in the wild by Aqua’s threat research team.
Aqua began sharing insights with the MITRE ATT&CK team in late 2020 on how adversarial behavior in containers can be translated to ATT&CK techniques and sub-techniques. Aqua’s specific contribution included providing insights on how attackers are able to use exploits and other methods to build their own malicious images on hosts, accomplish privilege escalation, and evade defenses by, for example, disabling or modifying security tools.
“We are honored to contribute to MITRE’s new container framework,” said Idan Revivo, Head of Cybersecurity Research at Aqua. “Aqua is on the forefront of following the latest threats in cloud security and container security, and we are eager to share our knowledge with the community. We look forward to continuing to support MITRE’s efforts and help organizations of all sizes stay ahead of the increasing risks of adversaries.”
“Aqua was one of the companies that answered our call to the community when we began developing ATT&CK for Containers through the Center for Threat-Informed Defense,” said Adam Pennington, MITRE ATT&CK lead. “We are all working to help companies stay protected against attacks using knowledge bases like ATT&CK as a common language. Contributors like Aqua, with expertise and experience with real-world attacks, help us support the security community in reaching that goal.”
MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Team Nautilus focuses on cybersecurity research of the cloud native stack and aims to uncover new vulnerabilities, threats, and attacks in the wild that target containers, Kubernetes, serverless, and public cloud infrastructure — enabling new methods and tools to address them. Among its research reports, the team produces an annual “Cloud Native Threat Report” and most recently released its “2021 Cloud Security Report: Cloud Configuration Risks Exposed.”