• About & Contact Us
  • SEO Community

Ulancer.com

    • Latest Stories

      What is new?

    • Meet the startups that pitched at EF’s 10th Demo Day in London

      September 27, 2018

    • Rally Rd., the app that lets you invest in classic cars, raises $7M Series A

      September 27, 2018

  • News
  • How to’s
  • Writing
  • Startups
  • Jobs
  • More
    • CMS Tools
    • APPS
    • Web Resources
      • Advertising
      • Firefox
      • Scripts
      • Tools

Tainted, crypto-mining containers pulled from Docker Hub

  • by Ulancer Contributor
  • In Startups
  • — 15 Jun, 2018

Security companies Fortinet and Kromtech found seventeen tainted Docker containers that were essentially downloadable images containing programs that had been designed to mine cryptocurrencies. Further investigation found that they had been downloaded 5 million times, suggesting that hackers were able to inject commands into insecure containers to download this code into otherwise healthy web applications. The researchers found the containers on Docker Hub, a repository for user images.

“Of course, we can safely assume that these had not been deployed manually. In fact, the attack seems to be fully automated. Attackers have most probably developed a script to find misconfigured Docker and Kubernetes installations. Docker works as a client/server architecture, meaning the service can be fully managed remotely via the REST API,” wrote researcher David Maciejak.

The containers are now gone, but the hackers may have gotten away with up to $90,000 in cryptocurrency, a small but significant amount for such a hack.

“Today’s growing number of publicly accessible misconfigured orchestration platforms like Kubernetes allows hackers to create a fully automated tool that forces these platforms to mine Monero,” said a writer of a report by Kromtech. “By pushing malicious images to a Docker Hub registry and pulling it from the victim’s system, hackers were able to mine 544.74 Monero, which is equal to $90,000.”

“As with public repositories like GitHub, Docker Hub is there for the service of the community. When dealing with open public repositories and open source code, we recommend that you follow a few best practices including: know the content author, scan images before running and use curated official images in Docker Hub and certified content in Docker Store whenever possible,” wrote Docker’s head of security David Lawrence in a Threatpost report.

Interestingly, of late hackers have moved from attacking AWS Elastic Compute servers on Amazon’s platform to Docker and other container-based systems. While there are security systems available to manage Docker and Kubernetes containers, users should remain vigilant and assess their vulnerabilities before hackers get more of an upper hand.


News source

You might also like...

  • Fashionably AI 1 Aug, 2018
  • Test.ai nabs $11M Series A led by Google to put bots to work testing apps 31 Jul, 2018
  • This company will tell you which vitamins and supplements to take based on your DNA 5 Feb, 2018
  • Tentrr is turning private land into glampgrounds, with the help of VCs 11 Apr, 2018
  • Previous story Celebrity funds from Jay Z, Will Smith and Robert Downey Jr. are backing a life insurance startup
  • Next story Scooters go mad, Opendoor wants to buy your house, and Meituan’s IPO
  • RSS
    Receive Freebies & Latest Posts Directly To Your Email - it's Free!

    • Recent Posts
    • Most Popular
    • Comments
    • 7hrCggmJ-AMMeet the startups that pitched at EF’s 10th Demo Day in LondonSeptember 27, 2018
    • oNo38LV2tQIRally Rd., the app that lets you invest in classic cars, raises $7M Series ASeptember 27, 2018
    • Nearby.gifBerkanan is a Bluetooth-powered group messaging appSeptember 27, 2018
    • 2122.pngVinay Gupta to talk about Mattereum at Disrupt BerlinSeptember 27, 2018
    • slider_wp_03Best collection of WordPress Slider PluginsJuly 5, 2010
    • Joomla template builderTop 8 Free Joomla Template GeneratorsJuly 19, 2011
    • 40+ Best WordPress Plugins for Comments40+ Best WordPress Plugins for CommentsJune 18, 2011
    • wptheme2A Collection of Free WordPress ThemesJuly 11, 2010
    • Jason Hall on:Circle launches its stablecoin
    • Jason Hall on:Circle launches its stablecoin
    • Bharat Sarkari Naukri on:Spotify acquires online music studio Soundtrap as it goes after creators
    • PMP on:Online learning platform Unacademy gets $21M Series C from Sequoia India, SAIF and Nexus
  • Staff Picks

    • slider_wp_03Best collection of WordPress Slider PluginsJuly 5, 2010
    • Joomla template builderTop 8 Free Joomla Template GeneratorsJuly 19, 2011
    • 40+ Best WordPress Plugins for Comments40+ Best WordPress Plugins for CommentsJune 18, 2011
  • Recent Posts

    • Meet the startups that pitched at EF’s 10th Demo Day in London
    • Rally Rd., the app that lets you invest in classic cars, raises $7M Series A
  • Search Our Blog

  • Ulancer is an insightful freelance blog and resource site. We provide intuitive articles that cover Photoshop tutorials, time-saving management tips covering a broad range of topics. We also have an active freelance community forum, there you can meet other freelancers that share your common interest, socialize and chat about freelance trending news as the occurred.

© Copyright 2013 Ulancer.