i g u th 5 b m o .c i g u th 5 b m o .c CONTENTS CONTENTS u th i g I 5 b m o .c CONTENTS u th i g II 5 b m o .c CONTENTS u th i g III 5 b m o .c CONTENTS u th i g IV 5 b m o .c AI AISecOps IT IT/CT m o .c IT/OT 5G IT u th 2018 i g 5G 1 5 b 1. 1 u th i g 2 5 b m o .c Cloud Native Computing 1.1. IaaS u th i g 5 b Cloud Native Computing Foundation 1.2. [1] https://www.cncf.io/about/faq 3 m o .c [1] CNCF API 1.2.1. CaaS DDoS Mitigation 1.2.2. u th DDoS DDoS i g DDoS 1.2.3. DDoS 4 5 b m o .c DDoS DDoS 1.3. u th i g 5 5 b m o .c 2. 2 u th i g 6 5 b m o .c 2.1. [2] 2018 Shodan 4800 2020 10 Docker Daemon 2375 2375 u th i g 2.1 2375 Kubernetes Dashboard 1200 Kubernetes Dashboard [2] https://www.nsfocus.com.cn/html/2018/92_1112/70.html 7 5 b Docker Daemon m o .c 2.2 Kubernetes Dashboard u th 2.2. [3] 5 b m o .c S3 i g S3 AWS Amazon S3 [4][5] S3 2.3. Kubernetes 2018 2 20 RedLock [6] Kubernetes Kubernetes [3] https://aws.amazon.com/cn/products/storage/object-storage-for-cloud-native-applications [4] https://businessinsights.bitdefender.com/worst-amazon-breaches [5] https://github.com/nagwww/s3-leaks [6] https://web.archive.org/web/20180222103919/https://blog.redlock.io/cryptojacking-tesla 8 Dashboard Kubernetes Kubernetes Dashboard Kubernetes 2020 6 4 8 Azure 10 Azure Kubernetes Kubeflow Kubernetes Graboid 2019 10 15 Unit 42 u th i g Monero 2020 m o .c [8] Kubeflow Web [7] Kubernetes 5 b [9] Kubernetes Graboid 2000 Docker Docker Docker Docker Hub pull AV EDR Kubernetes API Server [7] https://azure.microsoft.com/en-us/blog/detect-largescale-cryptocurrency-mining-attack-against-kubernetes-clusters [8] https://www.microsoft.com/security/blog/2020/06/10/misconfigured-kubeflow-workloads-are-a-security-risk [9] https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub 9 2.4. Web Shell u th i g 10 5 b m o .c 3. 3 u th i g 11 5 b m o .c 3.1. 3.1.1. u th Alpine Alpine root i g CVSS 3.0 5 b m o .c CVE-2019-5021 3.3 3.9 root [10] 9.8 exploit 2018 [10] https://nvd.nist.gov/vuln/detail/CVE-2019-5021 12 6 [11] docker123321 Docker Hub 17 Docker Hub 500 9 Shell Shell docker123321 2017 9 Tomcat exploit u th i g exploit m o .c Docker Hub [12] 5 b Docker Hub 1day 0day 3.1.2. [11] https://mackeeper.com/blog/post/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers/ [12] https://github.com/docker/hub-feedback/issues/1121#issuecomment-326664651 13 3.1 u th i g 5 b Docker-in-Docker m o .c [13] Docker Socket [13] https://www.docker.com/blog/docker-can-now-run-within-docker 14