Docker attackers devise clever technique to avoid detection

In what researchers say is a first, attackers are performing a new container attack technique in the wild, whereby they build their own malicious images on a targeted host instead of pulling preexisting ones from a public registry. This maneuver allows the adversaries to avoid static detection by scanners that are programmed to look for suspicious images.


The attack exploits misconfigured Docker API ports in order to infect victims with a resource-hijacking cryptominer, according to a new blog post from Aqua Security, whose researchers uncovered the scheme.


“This is yet another step in the super-fast evolution of attacks against cloud-native environments in just the past couple of years,” says the post, from Assaf Morag, lead data analyst.


“Normally, attacks against misconfigured Docker API are initiated by pulling an image from a public registry (i.e. Docker Hub) and spinning up the container on the targeted host environment,” explains Morag. But by building an original image on the host, scanners likely won’t detect a problem “since the image is built upon a standard Alpine base image a ..
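Two defender-side checks that follow from the technique described above, as an added example that is not from the article or from Aqua's research: a dockerd `daemon.json` is inspected for Docker API listeners exposed over TCP without TLS (the misconfiguration the attack relies on), and `docker image inspect` output is inspected for images that carry no registry digest, which is what a host-built image looks like and what a registry-oriented image scanner never sees. The sample `daemon.json` and inspect records are constructed inline.

```python
import json

# Constructed sample of `docker image inspect` output for two images.
# The first was pulled from a registry and carries a RepoDigest; the second
# was built on this host (as in the attack) and has no registry digest.
SAMPLE_INSPECT = json.dumps([
    {"Id": "sha256:aaaa", "RepoTags": ["alpine:3.12"],
     "RepoDigests": ["alpine@sha256:bbbb"], "Created": "2020-08-01T10:00:00Z"},
    {"Id": "sha256:cccc", "RepoTags": ["build:latest"],
     "RepoDigests": [], "Created": "2020-08-02T11:30:00Z"},
])

# Constructed sample daemon.json that exposes the API on TCP without TLS.
# The same listeners can also be set with `dockerd -H tcp://...` flags.
SAMPLE_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})


def exposed_api_listeners(daemon_json: str) -> list:
    """Return 'hosts' entries that expose the Docker API over TCP while
    tlsverify is not enabled. Anyone who can reach such a port can create
    containers and build images on the host without authenticating."""
    cfg = json.loads(daemon_json)
    if cfg.get("tlsverify"):
        return []
    return [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]


def locally_built_images(inspect_json: str) -> list:
    """Return (Id, RepoTags) for images with an empty RepoDigests list.

    A pulled image always carries a registry digest; an image built or
    loaded directly on the host carries none, so a scanner that keys on
    known-bad registry images cannot have matched it. Review these."""
    flagged = []
    for img in json.loads(inspect_json):
        if not img.get("RepoDigests"):
            flagged.append((img["Id"], img.get("RepoTags", [])))
    return flagged


if __name__ == "__main__":
    print("exposed listeners:", exposed_api_listeners(SAMPLE_DAEMON_JSON))
    print("host-built images:", locally_built_images(SAMPLE_INSPECT))
```

On a real host, feed `locally_built_images` the output of `docker image inspect $(docker images -q)`; images loaded from a tarball also show no digest, so the result is a review list rather than a verdict.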