DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Archive

How Containers are Attacked by Cryptominer Malware

DigitalCIO Bureau by DigitalCIO Bureau
April 10, 2020
in Archive
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Recently, researchers revealed that misconfigured containers are again targeted by Cryptominer malware. Read on to know more about it…

An attack group is searching for insecure containers exposing the Docker API and then installing a program that attempts to mine cryptocurrency. Containers are among the most essential technologies in DevOps known for the speed and efficiency it offers during the development process, while maintaining consistency across the board. However, such agility also exposes organizations to potential risks.

Misconfigured Docker API
A threat actor group was recently found targeting insecure containers, exposed due to misconfigurations in the Docker API. Researchers stumbled upon a cloud-based cryptomining malware called ‘Kinsing’ that targets thousands of Docker systems to run a Bitcoin miner. The research team said that Containers allowing Docker commands to be executed without authentication are at risk.

A quick search using a port-scanning service revealed that around 6,000 IP addresses could be hosting vulnerable installations of Docker. The volume of attacks suggests that it is an aggressive attack campaign since much effort is required into scanning the Internet on a daily basis. Also, in the first week of April 2020, a report revealed that a malicious botnet has been targeting Microsoft SQL database servers for the last two years to mine cryptocurrency. The hackers had managed to infect a significant number of servers, ranging from 2,000 to 3,000, on a daily basis.

Other Cryptojacking Attacks
Over the years, we have seen cryptojacking attacks affecting various kinds of devices but recently, hackers have resorted to Containers to channelize their attacks and quickly infect additional systems. Security teams can learn about their attack tactics from previous attack campaigns such as the following instances

• Researchers found a new cryptojacking worm, dubbed “Graboid,” that spreads using Containers in the Docker Engine and was deployed to mine Monero coins.
• An API misconfiguration in Docker Engine-Community allowed attackers to infiltrate Containers and run a variant of the Linux botnet malware AESDDoS.
• Last year, a group of researchers revealed Containers caught in malicious trap coming from a publicly accessible Docker Hub repository named “zoolu2” that contained the binary of a Monero (XMR) cryptocurrency miner.
• Researchers detected “Xulu”, a mining botnet, that deployed malicious Docker Containers on victim hosts by exploiting Docker’s remote API.

In 2018, it was reported that seventeen malicious Docker Containers earned cryptomining criminals $90,000 in a span of just 30 days.

Compromising Containers
Various threats attackers exploit to compromise Containers are through

• Default configuration during image creation: It is one of the most common mistakes. During image creation, users often install an application with its default configuration, ignoring the security aspects.
• Exposed data in docker files: Attackers are always looking for data such as passwords and the private portions of SSH encryption keys in Dockers. Even default passwords for an account is a big risk.
• Unreliable third-party sources: Hackers have been dropping malicious codes on public platforms such as a GitHub repository to target unsuspecting users. This opens up the container to potential attacks.
• Exposed applications and ports: Deployed applications can be exploited through SQL injection, cross-site scripting, brute-force attacks, and remote file inclusion. Exposed ports in applications can also lead to API abuse.
• Non-update vulnerable images: Container images need to be regularly updated. Older infected images (with vulnerabilities or bugs) could be exploited by hackers for malicious attacks.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Data Recovery Experts Expand their Cloud and Security Skills at VeeamON Tour India

by DigitalCIO Bureau
September 1, 2023
0
Data Recovery Experts Expand their Cloud and Security Skills at VeeamON Tour India

Veeam Software flagged off its highly anticipated VeeamON Tour India 2023 in Mumbai today, delivering a rich experience to over 600 registrants. This month-long tour comes as an...

Read more

Dell Technologies Announces Intent to Acquire Moogsoft

by DigitalCIO Bureau
August 20, 2023
0
Dell Technologies Announces Intent to Acquire Moogsoft

Dell Technologies (NYSE: DELL) announced it has signed a definitive agreement to acquire Moogsoft, an AI-driven provider of intelligent monitoring solutions that support DevOps and ITOps.This transaction will further enhance...

Read more

Government Technology Agency of Singapore concludes third HackerOne bug bounty programme

by DigitalCIO Bureau
August 20, 2023
0

GovTech Singapore resolved 33 security weaknesses and awarded global hacker community over US$30,800 for contributing to a more secure and resilient smart nation HackerOne and Singapore's Government Technology...

Read more

XProtect(R) on Amazon Web Services Now Available in AWS Marketplace

by DigitalCIO Bureau
August 20, 2023
0

Customers with a cloud-first strategy and those looking for a hybrid VMS solution can now deploy a pre-configured XProtect as an elastic solution available globally with high flexibility...

Read more

OurCrowd Pandemic Innovation Conference to host global leaders, startups and investors online

by DigitalCIO Bureau
August 20, 2023
0

June 22 forum features tech solutions to global crisis, $100m OurCrowd Pandemic Innovation Fund OurCrowd will host the OurCrowd Pandemic Innovation Conference on June 22 to explore the...

Read more
Next Post

72% Indian firms see Covid-19 impact going beyond 6 months

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

IBM Makes Llama 2 Available Within Its Watsonx AI And Data Platform

IBM Makes Llama 2 Available Within Its Watsonx AI And Data Platform

August 20, 2023

How Pegasus Spyware Infected Phones through WhatsApp Servers

November 14, 2019

Spirent Wraps 2019 with More Than 100 5G Deals

December 12, 2019

Browse by Category

  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Resources
  • Security
  • Storage
  • Tech News
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

BROWSE BY TAG

Acquisition AI AIOps Appointment artificial intelligence Artificial Intelligence and Machine Learning Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare CommScope CrowdStrike Customer Experience Cybersecurity Deloitte Digital Transformation E-books ESG Everest Group Gartner Generative AI IDC Infographics Infosys Internet of Things (IoT) Nessus Expert Netskope New Relic Nextiva o9 Solutions Oracle Panel Discussion Public cloud ransomware Redington Limited Salesforce software Sophos Sustainability Tenable Veeam Software Webinars WeWork India Whitepaper

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2023 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2023 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?