Cryptocurrency mining and DDoS attacks on Docker servers
Cyberattackers are taking the opportunity to target exposed API endpoints of Docker, a project that automates the deployment of applications within software containers, to create malware-infected images that facilitate distributed denial-of-service (DDoS) attacks and mine cryptocurrencies.
According to a report released by the Palo Alto Networks Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency mining system in Docker containers and leveraging the Docker Hub repository to distribute the images.
Additionally, in a new mass-scanning operation detected by Trend Micro researchers, unprotected Docker servers are being attacked with at least two different types of malware, XORDDoS and Kaiji, to collect system information and carry out DDoS attacks.
- 22/06/2020 blog.trendmicro.com XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers
- 25/06/2020 unit42.paloaltonetworks.com Attackers Cryptojacking Docker Images to Mine for Monero
- 25/06/2020 thehackernews.com Docker Images Containing Cryptojacking Malware Distributed via Docker Hub
- 26/06/2020 zdnet.com Docker servers infected with DDoS malware in extremely rare attacks
- 28/06/2020 unaaldia.hispasec.com Malware de minado de criptomonedas distribuido vía Docker Hub