• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Docker

Why Running a Privileged Container in Docker Is a Bad Idea
  • Posted on:December 20, 2019 at 7:08 am
  • Posted in:Cloud
  • Author:
    Trend Micro
0

In this blog post, we will explore how running a privileged yet unsecure container may allow cybercriminals to gain a backdoor in an organization’s system.

Read More
Tags: Container SecurityDockerPrivileged Container

AESDDoS Botnet Malware Infiltrates Containers via Exposed Docker APIs
  • Posted on:June 14, 2019 at 5:03 am
  • Posted in:Botnets
  • Author:
    Trend Micro
0

An API misconfiguration in the open-source version of the popular DevOps tool Docker Engine-Community allows attackers to infiltrate containers and run a variant of AESDDoS.

Read More
Tags: AESDDoSAPIDocker

Infected Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use Shodan to Find Additional Victims
  • Posted on:May 30, 2019 at 5:10 am
  • Posted in:Malware
  • Author:
    Alfredo Oliveira (Senior Threat Researcher)
0

We discovered a Docker Hub repository that has been sending infected cryptocurrency-mining containers to hubs with publicly exposed APIs. Some of the images within the repository contained a Shodan script that identified potential targets for further distribution.

Read More
Tags: Containercryptocurrency minerDevOpsDocker

Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware
  • Posted on:March 1, 2019 at 5:01 am
  • Posted in:Malware
  • Author:
    Alfredo Oliveira (Senior Threat Researcher)
0

Through data analysis of the container honeypots we’ve set up to monitor threats, we’ve uncovered notable activities of undesired or unauthorized cryptocurrency miners being deployed as rogue containers using a community-contributed container image published on Docker Hub. The image is being abused as part of a malicious service that delivers cryptocurrency-mining malware. Networking tools are retrieved to carry out lateral movement on other exposed containers and applications.

The activities we uncovered are also significant in that they don’t need to exploit vulnerabilities and don’t depend on any version of Docker. Identifying a misconfigured and thus exposed container image is all it could take for attackers to infect many exposed hosts.

Read More
Tags: DevOpsDockerMisconfiguraton

Misconfigured Container Abused to Deliver Cryptocurrency-mining Malware
  • Posted on:October 25, 2018 at 1:56 pm
  • Posted in:Exploits, Malware
  • Author:
    Trend Micro
0

We recently observed cases of abuse of the systems running misconfigured Docker engine with Docker application program interface (API) ports exposed. We also noticed that the malicious activities were focused on scanning for open ports 2375/TCP and 2376/TCP, which are used by the Docker engine daemon (dockerd). The intrusion attempts to deploy a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.SH.MALXMR.ATNE) on the misconfigured systems.

Docker implements virtualization on the operating-system (OS) level — also known as containerization. The Docker APIs, in particular, allow remote users to control Docker images like a local Docker client does. Opening the API port for external access is not recommended, as it can allow hackers to abuse this misconfiguration for malicious activities.

Read More
Tags: cloudContainerDevOpsDocker

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
  • January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs
  • Security Analysis of Devices That Support SCPI and VISA Protocols
  • Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year-old XHide
  • Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.