Misconfigured Docker Servers Under Attack by Xanthe Malware (Security News, December 2020)

Researchers first discovered Xanthe targeting a honeypot, which they created with the aim of discovering Docker threats.
Misconfigured Docker servers are another way that Xanthe spreads.
Researchers said that Docker installations can be easily misconfigured and the Docker daemon exposed to external networks with a minimal level of security.
Various past campaigns have been spotted taking advantage of such misconfigured Docker installations; for instance, in September, the TeamTNT cybercrime gang was spotted attacking Docker and Kubernetes cloud instances by abusing a legitimate cloud-monitoring tool called Weave Scope.
In April, an organized, self-propagating cryptomining campaign was found targeting misconfigured open Docker Daemon API ports; and in October 2019, more than 2,000 unsecured Docker Engine hosts were found to be infected by a cryptojacking worm dubbed Graboid.
News URL
https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/