The SolarWinds cyber-attack is probably the most sophisticated and damaging nation-state cyber campaign we have seen in recent years. A key factor in the attack was the ability of the attackers to have their code digitally signed and approved by compromising the SolarWinds software supply chain. While breaching the SolarWinds supply chain was a complicated task, most of the cloud workloads used today come from much weaker supply chain sources such as DockerHub and GitHub Repositories. With recent research showing more than 50% of DockerHub images containing malware, it is almost inevitable that similar backdoors to the one seen at SolarWinds either already exist or will soon compromise additional cloud environments. While it initially seemed to be an attack focused solely on on-prem networks, it is now quite clear that it’s a new form of hybrid cyber-attack involving both on-premises and cloud-native assets. This type of attack exploits existing vulnerabilities and utilizes advanced techniques to keep under the radar of existing detection tools. In this webinar, we will analyze the SolarWinds attack to better understand the vulnerabilities of cloud-native environments, such as Kubernetes. We will then enumerate effective measures to eliminate or mitigate the risks inherent in cloud environments.
Presented by: ARMO