
Cybercriminals are abusing misconfigured Docker APIs to mine cryptocurrency illicitly, routing their activity through the Tor network to conceal it. Trend Micro’s most recent research shows that these attacks target sectors including technology, banking, and healthcare, and how easily such environments can be compromised.
The attack began with a suspicious request from the IP address 198.199.72.27, which asked the Docker API for a list of containers on the target machine. If no containers are found, the attackers create a new one from the lightweight “alpine” Docker image.
They then mount the host’s root directory (“/host root”) as a volume inside the container, which gives them access to the underlying system. From there the attackers run cryptocurrency mining software such as XMRig and route their traffic through Tor to hide their location, making the activity hard to detect and trace.
Misconfigured Docker APIs, typically left exposed without adequate authentication, are easy targets. These weaknesses let attackers into containerized environments without authorization, where they can run commands to install miners. Using Tor makes attribution harder still, because it hides the attacker’s IP address when malicious payloads are delivered.
The attack is mainly aimed at industries that consume large amounts of computing power, such as technology, finance, and healthcare. These sectors commonly use Docker to build scalable infrastructure, which makes them attractive targets for cryptojacking, in which attackers steal processing power to mine cryptocurrencies such as Monero.
This attack shows that a growing number of cryptojacking campaigns are targeting inadequately protected cloud infrastructure. Wiz’s research shows that these threats are compounded by mistakes such as exposing secrets in development repositories and other cloud account misconfigurations, which can give attackers information they can use for further exploitation.
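As an added example (not code from the Trend Micro report or from Docker itself), the following Python audits a constructed sample of Docker Engine API request records for the sequence described above: container enumeration from an external address followed by a container create that bind-mounts the host root. It also checks a daemon.json dictionary for the exposure that enables the attack, a tcp:// listener without tlsverify. The log format, field names, container id and the internal address are assumptions; the external address is the one the report names.

```python
"""Added example: audit Docker API request records for the abuse sequence
described in the report, and check a daemon config for unauthenticated
TCP exposure. Log format and field names are assumptions for this example."""
import ipaddress
import json

# Constructed sample of Docker Engine API requests as JSON lines, shaped like
# the sequence in the report (list containers, then create one that binds the
# host root). 198.199.72.27 is the address the report names; everything else
# (10.0.0.5, the container id, the nginx request) is invented here.
SAMPLE_LOG = """\
{"remote": "10.0.0.5", "method": "GET", "path": "/v1.41/containers/json", "body": null}
{"remote": "198.199.72.27", "method": "GET", "path": "/v1.41/containers/json", "body": null}
{"remote": "198.199.72.27", "method": "POST", "path": "/v1.41/containers/create", "body": {"Image": "alpine", "HostConfig": {"Binds": ["/:/hostroot"]}}}
{"remote": "198.199.72.27", "method": "POST", "path": "/v1.41/containers/abc123/start", "body": null}
{"remote": "10.0.0.5", "method": "POST", "path": "/v1.41/containers/create", "body": {"Image": "nginx:1.25", "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"]}}}
"""


def parse_log(text):
    """Parse JSON-lines request records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_external(ip):
    """True for globally routable addresses (RFC 1918, loopback, link-local
    and documentation ranges all report is_global == False)."""
    return ipaddress.ip_address(ip).is_global


def host_root_mounts(body):
    """Return bind sources that expose the host's root directory ('/').
    Handles both the 'Binds' list ("/:/hostroot[:opts]") and 'Mounts'."""
    if not body:
        return []
    host_cfg = body.get("HostConfig") or {}
    sources = [b.split(":", 1)[0] for b in host_cfg.get("Binds") or []]
    sources += [m.get("Source", "") for m in host_cfg.get("Mounts") or []
                if m.get("Type") == "bind"]
    return [s for s in sources if s == "/"]


def audit_events(events):
    """Flag container enumeration from external addresses and any container
    creation that mounts the host root; external origin raises severity."""
    findings = []
    for ev in events:
        external = is_external(ev["remote"])
        if ev["method"] == "GET" and ev["path"].endswith("/containers/json") and external:
            findings.append({"kind": "external_enumeration", "remote": ev["remote"],
                             "severity": "medium"})
        if ev["method"] == "POST" and ev["path"].endswith("/containers/create"):
            if host_root_mounts(ev.get("body")):
                findings.append({"kind": "host_root_mount", "remote": ev["remote"],
                                 "severity": "critical" if external else "high"})
    return findings


def daemon_config_is_exposed(cfg):
    """True if a daemon.json dict listens on TCP without client-certificate
    verification ('hosts' and 'tlsverify' are real dockerd options)."""
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    return bool(tcp_hosts) and not cfg.get("tlsverify", False)


if __name__ == "__main__":
    for finding in audit_events(parse_log(SAMPLE_LOG)):
        print(finding)
    print("exposed:", daemon_config_is_exposed({"hosts": ["tcp://0.0.0.0:2375"]}))
```

dockerd does not emit per-request records like these by default; the example assumes they come from a reverse proxy or audit tooling placed in front of the API socket. The two checks are independent: a host-root bind from an internal address is still flagged as high, because the report's chain only needs API access, not a particular source address.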
Organizations need to secure their Docker APIs to protect against these threats. Some important steps are:
The abuse of misconfigured Docker APIs for Bitcoin mining over Tor underscores how important strong cloud security practices are.
Organizations can reduce the risk of these stealthy attacks by enforcing strict access controls and monitoring continuously. At a time when cyber threats are constantly changing, staying proactive is essential to protecting critical systems and data.
