Hackers Scan Massive Docker Instances to Mine Crypto


Hackers are at it again, looking for vulnerable Docker instances so they can selfishly mine Monero.

Over the weekend, according to cybersecurity researchers at Bad Packets, cyber-criminals launched what is believed to be a concerted effort to scan for known vulnerabilities in Docker deployments. These massive scans, covering over 59 thousand IP networks, are searching for victims. When they find a suitable instance, a malicious payload is deployed that includes the crypto-mining engine XMRig, which mines Monero for the attacker’s benefit.

For those running Docker instances, be sure you are running the latest software and lock down the network ports.

Crypto-mining malware is common, but targeting Docker is relatively new, as is the scale of such a coordinated scanning tactic to target victims. As cybercriminals become more organized, this will become the norm. The time between vulnerability release and massive scanning to find victims will narrow, especially in situations where crypto-mining can be deployed for immediate financial gains.
