Monday, October 29, 2018

MISCONFIGURATION (in the cloud) leads to "data breach": that was yesterday's news. Today, threat actors have exploited misconfigured Docker containers to deliver cryptomining malware.


The attacks weren’t the result of the Docker engine being compromised or of problems within Docker’s enterprise platform; they were the result of misconfiguration at the administrator level.

The attackers often exploited the misconfigurations to create Docker containers through exposed API ports. They then installed a wget package using the system package manager, used wget to download an auto-deployment script, converted the script from DOS to Unix format, set executable permissions on the script, and ran it.

In order to prevent similar attacks, researchers recommend that organizations: harden their security posture; ensure that container images are authenticated, signed, and from a trusted registry; enforce the principle of least privilege; properly configure how many resources containers are allowed to use; and enable Docker’s built-in security features to help defend against threats.

https://www.scmagazine.com/home/security-news/cybercriminals-exploit-misconfigured-container-to-deliver-cryptominer/
