New Attack Technique Uses Misconfigured Docker API

  /     /     /  
Publicated : 23/11/2024   Category : security


New Attack Technique Uses Misconfigured Docker API


A new technique builds and deploys an attack on the victims own system



Researchers have discovered a new technique that lets an attacker to build and deploy an image on a victims host. The attack exploits a misconfigured Docker API port to build and run a malicious container image on the host.
In the observed attack, the adversary used a
Docker SDK for Python
package to send commands to a misconfigured Docker API. The aim, in the observed instance, was to execute a resource-hijacking attack using a cryptominer.
Assaf Morag of Team Nautilus, Aquas cybersecurity research team, observed this technique. He points out that because the attack builds and executes malicious code on the victims host, most defense tools are ineffective because they tend to scan malicious code coming in from outside the network perimeter. Morag says network-level detection/prevention security scanning could be effective in stopping the attack by disrupting communications with the C2 server. Ongoing dynamic threat analysis is another recommended strategy for defense.
For more, read
here
.
 
 
Register now for this years fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for detail on
conference information
 and
to register
.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
New Attack Technique Uses Misconfigured Docker API