Cybersecurity researchers at Fortinet and Kromtech identified seventeen uploaded Docker images that contained malware designed to mine cryptocurrency. The study showed that the images were downloaded 5 million times, which indicates that hackers use such images to deliver malicious code to various web applications.
According to the experts, the attack was in fact fully automated. Most likely, the hackers developed a scheme that searches for improperly configured Docker installations and installs cryptomining programs on them. Docker uses a client-server architecture, so it can easily be managed remotely through its REST API.
The malicious files are now gone, but researchers estimate that the hackers walked away with $90,000 in cryptocurrency. The amount is small, but significant for a hack of this kind.
Cybersecurity representatives urged users to be vigilant
"Today, a growing number of public misconfigured platforms such as Kubernetes allows hackers to create a fully automated tool that makes these platforms mine Monero for the hackers," representatives of Kromtech said in the report. "By uploading a malicious image to the Docker Hub registry, hackers were able to mine 544.74 Monero, which is $90,000."
"Like public repositories on GitHub, Docker Hub exists to serve the interests of the community. When you work with open public repositories and open source, we recommend that you follow several recommendations, including: know the author of the content, scan the image before starting it, and use the official images on Docker Hub and the certified content in the Docker Store when possible," said the company's head of security, David Lawrence, in an interview with Threatpost.
Despite the security mechanisms present in Docker and Kubernetes, users should remain vigilant and assess their vulnerabilities before hackers can take advantage of their resources.