Docker servers targeted by new Kinsing malware campaign

For the past few months, a malware operation has been scanning the internet for Docker servers running API ports exposed on the internet without a password. Hackers are then breaking into unprotected hosts and installing a new crypto-mining malware strain named Kinsing.

or the past few months, a malware operation has been scanning the internet for Docker servers running API ports exposed on the internet without a password. Hackers are then breaking into unprotected hosts and installing a new crypto-mining malware strain named Kinsing.

These attacks are just the last in a long list of malware campaigns that have targeted Docker instances — systems that, when compromised, provide hacker groups with unfettered access to vast computational resources.

The malware was implanted through a Docker instance with an exposed API port, they use the access provided by this port to spin up an Ubuntu container, where they download and install the Kinsing malware.

The malware’s primary purpose is to mine cryptocurrency on the hacked Docker instance, but it also comes with secondary functions. These include running scripts that remove other malware that may be running locally, but also gathering local SSH credentials in an attempt to spread to a company’s container network, to infect other cloud systems with the same malware.

Since Kinsing malware attacks are still ongoing, Aqua recommends that companies review the security settings of their Docker instances and make sure no administrative APIs are exposed online. Such admin endpoints should be either behind a firewall or VPN gateway — if they need to be exposed online — or disabled when not used.

The recent Kinsing malware campaign is just the latest in a long list of attacks from crypto-mining botnets that have targeted Docker instances.

4Securitas solution ACSIA would be effective in identifying this attacks and prevent the propagation in a proactive manner.

Source: https://www.zdnet.com/article/docker-servers-targeted-by-new-kinsing-malware-campaign/

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top