New Attack Technique Uses Misconfigured Docker APINew Attack Technique Uses Misconfigured Docker API
A new technique builds and deploys an attack on the victim's own system
July 16, 2020
Researchers have discovered a new technique that lets an attacker to build and deploy an image on a victim's host. The attack exploits a misconfigured Docker API port to build and run a malicious container image on the host.
In the observed attack, the adversary used a Docker SDK for Python package to send commands to a misconfigured Docker API. The aim, in the observed instance, was to execute a resource-hijacking attack using a cryptominer.
Assaf Morag of Team Nautilus, Aqua's cybersecurity research team, observed this technique. He points out that because the attack builds and executes malicious code on the victim's host, most defense tools are ineffective because they tend to scan malicious code coming in from outside the network perimeter. Morag says network-level detection/prevention security scanning could be effective in stopping the attack by disrupting communications with the C2 server. Ongoing dynamic threat analysis is another recommended strategy for defense.
For more, read here.
Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for detail on conference information and to register.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums
5 Reasons To Move your PKI Deployment to the Cloud