Exposed Docker hosts can be exploited for cryptojacking attacks

Researchers have uncovered thousands of Docker containers exposed online and ripe for attack for the purposes of illicit cryptocurrency mining.

Docker containers are forms of virtualization technology which can be used to package up code and dependencies for use across different computing environments and operating systems. As containers can be used to streamline IT environments and app testing lifecycles, their use has increased in recent years, with an estimated 3.5 million applications now being used in container environments across the enterprise.


It is possible to interact with Docker via terminals or remote application programming interfaces (APIs). However, if these control mechanisms are exposed, this can lead to the compromise of the container and potentially the applications contained within.

A vulnerability, CVE-2019-5736, was publicly reported in February which can be used to gain root access on the host from within a Docker container, and as Imperva researchers note, “the combination of this new vulnerability and exposed remote Docker API can lead to a fully compromised host.”

Imperva researchers used the Shodan search engine to find open ports running Docker and to determine how many of these were truly exposed and vulnerable to attack.

In total, the team found 3,822 Docker hosts with the remote API open and public, and after attempting to connect to IPs via port 2735 to list Docker images, a total of 400 IPs out of 3,822 were accessible.

In the image below, the color red indicates Docker images containing cryptocurrency miners, while green highlights production environments and legitimate services such as MySQL or Apache Tomcat.

[Image: Docker images found on the accessible hosts]

Illicit cryptocurrency mining, also known as cryptojacking, leverages stolen PC power to mine for coins such as Ethereum (ETH) and Monero (XMR).


The majority of the cryptojacking scenarios detected by Imperva were set to mine for Monero, although it has not been possible to track the source or wallet destinations for the fraudulently-obtained coins.

Cryptojacking attacks are not the only potential consequence of an open Docker container attack vector. In addition, Imperva says that such systems may be vulnerable to botnet connections, the theft of data, pivot attacks designed to tackle internal networks, and the creation of host services for phishing campaigns.

The use of remote APIs can be of value to developers and Docker users for management purposes and for the integration of third-party apps and services which need API access. However, to tackle this ongoing security issue, access should be restricted to only trusted sources.
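
One way to check a host for the exposure described above, as an added example that is not from Imperva or the original article: the script reads a Docker `daemon.json` document and flags any TCP listener for the remote API that does not require client certificates. The sample configurations, addresses and certificate paths are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample configs (not taken from the article).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def is_loopback(addr):
    """True if addr is a loopback IP or the name 'localhost'."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"


def audit_daemon_config(config_text):
    """Map each TCP listener in a daemon.json document to a verdict."""
    cfg = json.loads(config_text)
    # Clients are authenticated only when tlsverify is on and the CA,
    # server certificate and key are all configured. Plain "tls" encrypts
    # the connection but accepts any client.
    mutual_tls = bool(cfg.get("tlsverify")) and all(
        cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    verdicts = {}
    for host in cfg.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// are local sockets
        addr = urlsplit(host).hostname or "0.0.0.0"  # "tcp://:2375" binds all
        if mutual_tls:
            verdicts[host] = "ok: client certificate required"
        elif is_loopback(addr):
            verdicts[host] = "warn: unauthenticated, loopback only"
        else:
            verdicts[host] = "exposed: unauthenticated API on the network"
    return verdicts


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_daemon_config(text))
```

A listener that passes this check should still be limited by firewall rules to the trusted sources that need it.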


In November, researchers from Threat Stack said that another technique currently in active use against container systems is probing embedded shell consoles to seek out vulnerabilities which can be used to inject and remotely execute code.

Threat Stack has observed recent attacks which use CNRig, based on the XMRig Monero rig, to leverage stolen computing power to mine for cryptocurrencies on vulnerable systems. 
