Exposed Docker APIs Likely Exploited to Build Botnet

Threat actors are exploiting exposed Docker APIs to deploy malware and cryptocurrency miners, and potentially to build a botnet, according to Akamai security researchers. The attacks involve container manipulation and privilege escalation, and they open the door to follow-on threats including data theft and DDoS attacks. #DockerAPI #CryptocurrencyMining

Key points

  • Threat actors exploit exposed Docker APIs to deploy malware and cryptocurrency miners.
  • The attack begins with a request for the list of existing containers, followed by the creation of a new container from an Alpine Docker image.
  • Attackers escape the container and take control of the host by mounting the host's root filesystem into the container and executing an encoded payload.
  • The malicious scripts deploy the XMRig miner and modify SSH settings to establish a backdoor.
  • Newer variants block external access to the Docker API and scan for additional vulnerable ports, which hints at botnet development.
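The chain above (unauthenticated API, a fresh container with the host root bind-mounted, an encoded command, SSH tampering, a miner) leaves indicators that can be checked from the daemon configuration and from `docker inspect` output. The script below is an added example, not code from Akamai or SecurityWeek: it flags plaintext TCP listeners in a daemon.json `hosts` list and audits inspect-style container records for a host root bind mount, privileged settings, and commands that decode a base64 payload, chroot, reference xmrig, or touch SSH files. The sample container records and the encoded payload are constructed for illustration, not real telemetry.

```python
"""Audit Docker daemon exposure and container records for the indicators
described in the report. Added example; the sample data is constructed."""
import base64
import json
import re
from typing import Dict, List

# Runs of base64 text long enough to carry a command, as seen in the reported
# "echo <encoded> | base64 -d | sh" style of payload delivery.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{20,}={0,2}")

# Command-level indicators; applied to the raw command and to any decoded fragments.
PAYLOAD_PATTERNS = {
    "decodes an encoded payload": re.compile(r"base64\s+(-d|--decode)\b"),
    "chroots into a mounted filesystem": re.compile(r"\bchroot\b"),
    "references the XMRig miner": re.compile(r"xmrig", re.IGNORECASE),
    "touches SSH configuration or keys": re.compile(r"/etc/ssh/|\.ssh/authorized_keys"),
}


def daemon_exposure_findings(daemon_json: str) -> List[str]:
    """Flag daemon.json 'hosts' entries that expose the API over plain TCP."""
    cfg = json.loads(daemon_json)
    findings = []
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not cfg.get("tlsverify", False):
            findings.append(f"{host}: TCP listener without tlsverify (unauthenticated API)")
        if host.startswith("tcp://0.0.0.0") or host.startswith("tcp://[::]"):
            findings.append(f"{host}: bound to all interfaces")
    return findings


def _command_text(container: dict) -> str:
    cfg = container.get("Config", {})
    return " ".join((cfg.get("Entrypoint") or []) + (cfg.get("Cmd") or []))


def _decoded_b64_fragments(text: str) -> List[str]:
    """Decode any base64 token in the command so the real payload can be inspected."""
    out = []
    for tok in B64_TOKEN.findall(text):
        try:
            out.append(base64.b64decode(tok, validate=True).decode("utf-8"))
        except (ValueError, UnicodeDecodeError):
            continue  # not a decodable payload; ignore
    return out


def container_findings(container: dict) -> List[str]:
    """Return indicator descriptions for one `docker inspect`-shaped record."""
    findings = []
    host = container.get("HostConfig", {})
    # Host root mounted into the container: the escape path described above.
    sources = {m.get("Source") for m in container.get("Mounts", []) if m.get("Type") == "bind"}
    sources |= {b.split(":", 1)[0] for b in (host.get("Binds") or [])}
    if "/" in sources:
        findings.append("host root filesystem bind-mounted into the container")
    if host.get("Privileged"):
        findings.append("privileged container")
    if host.get("PidMode") == "host":
        findings.append("shares the host PID namespace")
    cmd = _command_text(container)
    texts = [cmd] + _decoded_b64_fragments(cmd)
    for label, pattern in PAYLOAD_PATTERNS.items():
        if any(pattern.search(t) for t in texts):
            findings.append(f"command {label}")
    return findings


def audit(containers: List[dict]) -> Dict[str, List[str]]:
    return {c.get("Name", c.get("Id", "?")): container_findings(c) for c in containers}


# Constructed sample shaped like `docker inspect` output. The payload is a
# harmless stand-in for the reported behaviour, not a real script.
_PAYLOAD = "chroot /mnt /bin/sh -c 'echo PermitRootLogin yes >> /etc/ssh/sshd_config; xmrig-placeholder'"
_ENCODED = base64.b64encode(_PAYLOAD.encode()).decode()
SAMPLE_CONTAINERS = [
    {
        "Id": "c0ffee01", "Name": "/suspicious",
        "Config": {"Image": "alpine:latest", "Entrypoint": None,
                   "Cmd": ["sh", "-c", f"echo {_ENCODED} | base64 -d | sh"]},
        "HostConfig": {"Binds": ["/:/mnt"], "Privileged": False, "PidMode": ""},
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt"}],
    },
    {
        "Id": "beef0002", "Name": "/web",
        "Config": {"Image": "nginx:1.27", "Entrypoint": ["/docker-entrypoint.sh"],
                   "Cmd": ["nginx", "-g", "daemon off;"]},
        "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"], "Privileged": False, "PidMode": ""},
        "Mounts": [{"Type": "bind", "Source": "/srv/www", "Destination": "/usr/share/nginx/html"}],
    },
]

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_CONTAINERS), indent=2))
```

On a live host, feed `docker inspect $(docker ps -aq)` into `audit` and `/etc/docker/daemon.json` into `daemon_exposure_findings`; a daemon started with `-H tcp://0.0.0.0:2375` on the command line will not show up in daemon.json, so check the process arguments as well.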

Read More: https://www.securityweek.com/exposed-docker-apis-likely-exploited-to-build-botnet/