Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As digital operations expand, the financial industry is facing heightened regulatory and security demands. With the European Union’s Digital Operational Resilience Act (DORA) set to take effect in January 2025, financial organizations must now comply with additional rigorous standards for operational resilience and cybersecurity.

The Sysdig Threat Research Team (TRT) recently discovered a global operation, EMERALDWHALE, targeting exposed Git configurations resulting in more than 15,000 cloud service credentials stolen. This campaign used multiple private tools that abused multiple misconfigured web services, allowing attackers to steal credentials, clone private repositories, and extract cloud credentials from their source code. Credentials for over 10,000 private repositories were collected during the operation.

93% of last year’s data breaches began with compromised credentials. Before the cloud, security perimeters were defined by physical walls and network boundaries, but in the cloud, that perimeter has all but dissolved. Consider what happened in November 2023, when a cloud observability vendor found evidence of unauthorized access to its staging environment — an environment that housed customer data and PII.

This is the second episode of the CSI Container series, published and presented at CloudNativeSecurityCon 2024. In this episode, we focus on Kubernetes CSI, how to conduct DFIR activities on K8s and containers, and how to perform static and dynamic analysis. As we covered in the first episode, DFIR refers to the union of Digital Forensics (DF) and Incident Response (IR). We also highlighted how conducting DFIR activities in a container environment differs from the usual DFIR in a host environment.

We know that cloud attacks happen very quickly. Our 2024 global threat year-in-review, the third annual threat report from the Sysdig Threat Research Team (TRT), revisits the team’s hottest findings from the last 12 months and explores how they relate to the broader cyber threat landscape. This year’s report also includes informed predictions about 2025’s security outlook and potential trends.

In the context of cloud security posture management (CSPM), custom controls are policies or rules that give security teams the flexibility to create and enforce policies. These are needed to manage posture, tailor compliance measures, and detect misconfigurations across infrastructures like Kubernetes, containers, and the cloud.

The Sysdig Windows agent is a game-changer for cloud infrastructure, particularly when it comes to securing Windows containers in Kubernetes environments. While many endpoint protection agents are designed to provide security for traditional Windows hosts, Sysdig goes a step further by incorporating Kubernetes-specific context into its system introspection.

Sticking to container security best practices is critical for successfully delivering verified software, as well as preventing severe security breaches and its consequences. These best practices are an important part of implementing a robust Cloud Native Application Protection Platform (CNAPP). According to the 2023 CNCF Survey, over 90 percent of companies are using containers, while 84 percent of companies were using or evaluating Kubernetes.

Recently, AWS expanded the scope of their AWSCompromisedKeyQuarantine policies (v2 and v3) to include new actions. This policy is used by AWS to lock down access keys that they suspect have been compromised. A common example of this process in action is when AWS automatically applies the quarantine policy to any keys found by scanning public GitHub repositories. This proactive protection mechanism can stop compromises before they happen.