• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Docker

XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers 

  • Posted on:June 22, 2020 at 4:58 am
  • Posted in:Botnets, Cloud
  • Author:
    Trend Micro
0

We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware and Kaiji DDoS malware. While the XORDDoS attack infiltrated the Docker server to infect all the containers hosted on it, the Kaiji attack deploys its own container that will contain its DDoS malware. 

Read More
Tags: botnetDDoSDockerKaijiXORDDoS

Why Running a Privileged Container in Docker Is a Bad Idea

  • Posted on:December 20, 2019 at 7:08 am
  • Posted in:Cloud
  • Author:
    Trend Micro
0

In this blog post, we will explore how running a privileged yet unsecure container may allow cybercriminals to gain a backdoor in an organization’s system.

Read More
Tags: Container SecurityDockerPrivileged Container

AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs

  • Posted on:June 14, 2019 at 5:03 am
  • Posted in:Botnets
  • Author:
    Trend Micro
0

An API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community allows attackers to infiltrate containers and run a variant of AESDDoS.

Read More
Tags: AESDDoSAPIDocker

Infected Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use Shodan to Find Additional Victims

  • Posted on:May 30, 2019 at 5:10 am
  • Posted in:Malware
  • Author:
    Alfredo Oliveira (Senior Threat Researcher)
0

We discovered a Docker Hub repository that has been sending infected cryptocurrency-mining containers to hubs with publicly exposed APIs. Some of the images within the repository contained a Shodan script that identified potential targets for further distribution.

Read More
Tags: Containercryptocurrency minerDevOpsDocker

Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware

  • Posted on:March 1, 2019 at 5:01 am
  • Posted in:Malware
  • Author:
    Alfredo Oliveira (Senior Threat Researcher)
0

Through data analysis of the container honeypots we’ve set up to monitor threats, we’ve uncovered notable activities of undesired or unauthorized cryptocurrency miners being deployed as rogue containers using a community-contributed container image published on Docker Hub. The image is being abused as part of a malicious service that delivers cryptocurrency-mining malware. Networking tools are retrieved to carry out lateral movement on other exposed containers and applications.

The activities we uncovered are also significant in that they don’t need to exploit vulnerabilities and don’t depend on any version of Docker. Identifying a misconfigured and thus exposed container image is all it could take for attackers to infect many exposed hosts.

Read More
Tags: DevOpsDockerMisconfiguraton
Page 1 of 212

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.