INSUBCONTINENT EXCLUSIVE:
Security companies Fortinet and Kromtech found seventeen tainted Docker containers that were essentially downloadable images containing
programs that had been designed to mine cryptocurrencies.
Further investigation found that they had been downloaded 5 million times, suggesting that hackers were able to inject commands into
insecure containers to download this code into otherwise healthy web applications.
In fact, the attack seems to be fully automated.
Attackers have most probably developed a script to find misconfigured Docker and Kubernetes installations
Maciejak. The containers are now gone, but the hackers may have gotten away with up to $90,000 in cryptocurrency, a small but significant
When dealing with open public repositories and open source code, we recommend that you follow a few best practices including: know the
content author, scan images before running and use curated official images in Docker Hub and certified content in Docker Store whenever
While there are security systems available to manage Docker and Kubernetes containers, users should remain vigilant and assess their
vulnerabilities before hackers get more of an upper hand.