Hackers Scan Massive Docker Instances to Mine Crypto
Hackers are at it again, looking for vulnerable Docker instances so they can selfishly mine Monero.
Over the weekend, according to cybersecurity researchers at Bad Packets, what is believed to be a concerted effort to scan for known vulnerabilities in Docker deployments by cyber-criminals. These massive scans, covering over 59 thousand IP networks, are searching for victims. When they find a suitable instance, a malicious payload is deployed which includes the crypto-mining engine XMRig that enables the Monero mining for the attacker's benefit.
For those running Docker instances, be sure you are running the latest software and to lock down the network ports.
Crypto mining-malware is common, but targeting Docker is relatively new as is the scale of such a coordinated scanning tactic to target victims. As cybercriminals become more organized, this will become the norm. The time between vulnerability release and massive scanning to find victims will narrow, especially in situations where crypto-mining can be deployed for immediate financial gains.
To listen to the audio version of this article click on the play image.
Brought to you by @tts. If you find it useful please consider upvoting this reply.
Thanks for sharing. I know of someone getting ready to deploy Docker and will be passing on this information to them.
I agree and why I believe AI and machine learning is going to be the only way for cybersecurity to keep up.