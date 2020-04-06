

Docker Users Targeted with Crypto Malware Via Exposed APIs

Hackers are attempting to compromise Docker servers en masse via exposed APIs in order to spread cryptocurrency mining malware, according to researchers.

Aqua Security claimed to have tracked the organized campaign for several months, revealing that thousands of attempts to hijack misconfigured Docker Daemon API ports are taking place almost every single day.

“In this attack, the attackers exploit a misconfigured Docker API port to run an Ubuntu container with the kinsing malicious malware, which in turn runs a cryptominer and then attempts to spread the malware to other containers and hosts,” it explained.

The Ubuntu container is designed to disable security measures, clear logs and kill applications on the system, including any other malware. It also downloads the kinsing malware, which is designed to mine for digital currency on the compromised Docker host.

Once kinsing is downloaded it tries to connect with C&C servers in Eastern Europe, with a different server used for each function. It then attempts to spread laterally across the container network, by collecting and using SSH credentials.

“Using the information gathered, the malware then attempts to connect to each host, using every possible user and key combination through SSH, in order to download the aforementioned shell script and run the malware on other hosts or containers in the network,” said Aqua Security.

The cryptominer itself, kdevtmpfsi, is designed to mine for Bitcoin.

DevSecOps teams must step up their response by enforcing least-privilege access policies, scanning images, looking for anomalies in user behavior and investing in cloud security tools to enforce policies, the vendor argued.
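A defender-side check for the misconfigured Docker API port described above, as an added example that is not from the article or from Aqua Security: it audits a `daemon.json` and a `dockerd` command line for TCP listeners that do not require a client certificate (`tlsverify`). The sample configuration is constructed, and recognising only `tcp://` host entries is a simplifying assumption.

```python
import ipaddress
import json
import shlex
from urllib.parse import urlsplit

# Constructed sample: the Docker API bound to all interfaces with no TLS.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'


def daemon_settings(daemon_json, dockerd_cmdline=""):
    """Collect listener addresses and the tlsverify setting from both sources."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = cfg.get("tlsverify") is True
    args = shlex.split(dockerd_cmdline)
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host="):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
    return hosts, tlsverify


def is_loopback(bind):
    if bind == "localhost":
        return True
    try:
        return ipaddress.ip_address(bind).is_loopback
    except ValueError:
        return False  # unknown hostname: treat as reachable from the network


def audit(daemon_json, dockerd_cmdline=""):
    """Return (listener, severity) for each TCP listener lacking client-cert auth."""
    hosts, tlsverify = daemon_settings(daemon_json, dockerd_cmdline)
    findings = []
    for host in hosts:
        if not host.startswith("tcp://") or tlsverify:
            continue  # unix:// and fd:// sockets, or mutual TLS enforced
        bind = urlsplit(host).hostname or "0.0.0.0"  # tcp://:2375 binds all interfaces
        severity = "LOCAL_UNAUTHENTICATED" if is_loopback(bind) else "EXPOSED"
        findings.append((host, severity))
    return findings


if __name__ == "__main__":
    for listener, severity in audit(SAMPLE_DAEMON_JSON):
        print(f"{severity}: {listener} accepts API calls without a client certificate")
```

An `EXPOSED` finding means the listener should be removed or moved behind mutual TLS; the check reads configuration only and does not confirm what a firewall allows through.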

Containers are increasingly on the front line when it comes to enterprise cyber-threats. Last year researchers found over 40,000 misconfigured Kubernetes and Docker containers online.

It’s not all about user error; in April 2019 Docker Hub, the world’s largest container image library, discovered unauthorized access to its platform affecting 190,000 accounts.
