Cryptocurrency mining and DDoS attacks on Docker servers

Cyberattackers are targeting exposed API endpoints of Docker, a project that automates the deployment of applications within software containers, to create malware-infected images that facilitate distributed denial of service (DDoS) attacks and mine cryptocurrencies.

According to a report released by the Palo Alto Networks Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency mining system in Docker containers and leveraging the Docker Hub repository to distribute the images.

Additionally, in a new massive scan operation detected by Trend Micro researchers, unprotected Docker servers are being attacked with at least two different types of malware, XOR DDoS and Kaiji, to collect system information and carry out DDoS attacks.